Access Control Grant Batch Module

Grant roles to multiple accounts efficiently

Key Features

• Internal functions for composability within facets.
• Efficient batch granting of roles to multiple accounts.
• Utilizes diamond storage for shared state management.
• No external dependencies, promoting a self-contained design.

Module Usage

This module provides internal functions for use in your custom facets. Import it to access shared logic and storage.

Overview

This module provides an internal function for granting roles to multiple accounts in a single transaction, reducing gas costs and complexity. Facets can import this module to manage role assignments using shared diamond storage. Changes made through this module are immediately visible to all facets interacting with the same access control storage.

Storage

AccessControlStorage

storage struct for the AccessControl. storage-location: erc8042:compose.accesscontrol

Definition

struct AccessControlStorage {
  mapping(address account => mapping(bytes32 role => bool hasRole)) hasRole;
  mapping(bytes32 role => bytes32 adminRole) adminRole;
}

State Variables

Property	Type	Description
STORAGE_POSITION	bytes32	Diamond storage slot position for this module (Value: keccak256("compose.accesscontrol"))

Functions

getStorage

Returns the storage for the AccessControl.

function getStorage() pure returns (AccessControlStorage storage _s);

Returns:

Property	Type	Description
_s	AccessControlStorage	The storage for the AccessControl.

---

grantRoleBatch

function to grant a role to multiple accounts in a single transaction. Emits a {RoleGranted} event for each newly granted account. Reverts with AccessControlUnauthorizedAccount If the caller is not the admin of the role.

function grantRoleBatch(bytes32 _role, address[] calldata _accounts) ;

Parameters:

Property	Type	Description
_role	bytes32	The role to grant.
_accounts	address[]	The accounts to grant the role to.

Events

Emitted when a role is granted to an account.

Signature:

event RoleGranted(bytes32 indexed _role, address indexed _account, address indexed _sender);

Parameters:

Property	Type	Description
_role	bytes32	The role that was granted.
_account	address	The account that was granted the role.
_sender	address	The sender that granted the role.

Errors

Thrown when the account does not have a specific role.

Signature:

error AccessControlUnauthorizedAccount(address _account, bytes32 _role);

Best Practices

Best Practice

• Ensure the caller has the necessary permissions to grant roles before invoking grantRoleBatch.
• Verify that the AccessControlStorage struct definition in your diamond is compatible with this module.
• Handle the AccessControlUnauthorizedAccount error, which is reverted if the caller lacks the required role.

Integration Notes

Shared Storage

This module interacts with diamond storage at the position identified by keccak2535(\"compose.accesscontrol\"). The AccessControlStorage struct is accessed and modified by the grantRoleBatch function. Any updates to role assignments are immediately reflected across all facets that read from this shared storage position. The getStorage function provides direct access to this storage for inspection or compatibility checks.

Was this helpful?

Last updated:March 13, 2026