Access Control Grant Batch Facet

Grants roles to multiple accounts in batch

Key Features

• Grants roles to multiple accounts in a single atomic operation.
• Emits RoleGranted events for each account granted a role.
• Uses diamond storage for role management, ensuring state consistency across facets.
• Provides exportSelectors for easy integration into diamond upgrade processes.

Overview

This facet exposes an external function to grant a specific role to multiple accounts efficiently within a single transaction. It enhances the diamond's access control capabilities by reducing gas costs and complexity for bulk role assignments. Calls are routed through the diamond proxy, interacting with shared diamond storage.

Storage

AccessControlStorage

Definition

struct AccessControlStorage {
  mapping(address account => mapping(bytes32 role => bool hasRole)) hasRole;
  mapping(bytes32 role => bytes32 adminRole) adminRole;
}

State Variables

Property	Type	Description
STORAGE_POSITION	bytes32	Diamond storage slot position for this module (Value: keccak256("compose.accesscontrol"))

Functions

grantRoleBatch

Grants a role to multiple accounts in a single transaction. Emits a RoleGranted event for each newly granted account. Reverts with AccessControlUnauthorizedAccount If the caller is not the admin of the role.

function grantRoleBatch(bytes32 _role, address[] calldata _accounts) external;

Parameters:

Property	Type	Description
_role	bytes32	The role to grant.
_accounts	address[]	The accounts to grant the role to.

---

exportSelectors

Exports the selectors that are exposed by the facet.

function exportSelectors() external pure returns (bytes memory);

Returns:

Property	Type	Description
-	bytes	Selectors that are exported by the facet.

Events

Emitted when a role is granted to an account.

Signature:

event RoleGranted(bytes32 indexed _role, address indexed _account, address indexed _sender);

Parameters:

Property	Type	Description
_role	bytes32	The role that was granted.
_account	address	The account that was granted the role.
_sender	address	The sender that granted the role.

Errors

Thrown when the account does not have a specific role.

Signature:

error AccessControlUnauthorizedAccount(address _account, bytes32 _role);

Best Practices

Best Practice

• Ensure the caller has the necessary administrative privileges to grant the specified role before invoking grantRoleBatch.
• Verify that the AccessControlGrantBatchFacet is correctly added to the diamond with the appropriate selectors.
• Consider the gas implications for very large _accounts arrays; for extremely large lists, multiple calls might be more gas-efficient.

Security Considerations

Security

The grantRoleBatch function is protected by access control, reverting with AccessControlUnauthorizedAccount if the caller does not possess the required administrative role for the target role. Input validation is performed by the underlying access control mechanism. Follow standard Solidity security practices for managing roles and account permissions.

Was this helpful?

Last updated:March 13, 2026