Access Control Data Module

Manage access control roles and accounts

Key Features

Provides internal functions for role checking.
Leverages diamond storage pattern for shared state.
Utilizes custom error AccessControlUnauthorizedAccount for revert reasons.
No external dependencies, promoting composability.

Module Usage

This module provides internal functions for use in your custom facets. Import it to access shared logic and storage.

Overview

This module provides internal functions for checking and enforcing access control roles within a diamond. Facets import this module to interact with shared diamond storage, enabling role-based permissions. Changes to role assignments are immediately visible to all facets accessing the same storage.

Storage

AccessControlStorage

storage struct for the AccessControl. storage-location: erc8042:compose.accesscontrol

Definition

struct AccessControlStorage {
  mapping(address account => mapping(bytes32 role => bool hasRole)) hasRole;
  mapping(bytes32 role => bytes32 adminRole) adminRole;
}

State Variables

Property	Type	Description
`STORAGE_POSITION`	`bytes32`	Diamond storage slot position for this module (Value: `keccak256("compose.accesscontrol")`)
`DEFAULT_ADMIN_ROLE`	`bytes32`	Default administrative role identifier (bytes32(0)) (Value: `0x00`)

Functions

getStorage

Returns the storage for the AccessControl.

function getStorage() pure returns (AccessControlStorage storage _s);

Returns:

Property	Type	Description
`_s`	`AccessControlStorage`	The storage for the AccessControl.

hasRole

function to check if an account has a role.

function hasRole(bytes32 _role, address _account) view returns (bool);

Parameters:

Property	Type	Description
`_role`	`bytes32`	The role to check.
`_account`	`address`	The account to check the role for.

Returns:

Property	Type	Description
`-`	`bool`	True if the account has the role, false otherwise.

requireRole

function to check if an account has a required role. Reverts with AccessControlUnauthorizedAccount If the account does not have the role.

function requireRole(bytes32 _role, address _account) view;

Parameters:

Property	Type	Description
`_role`	`bytes32`	The role to assert.
`_account`	`address`	The account to assert the role for.

Errors

AccessControlUnauthorizedAccount

Best Practices

Best Practice

Call requireRole to enforce access control checks before executing sensitive operations.
Use hasRole for conditional logic that depends on an account's role.
Ensure the diamond storage address is correctly initialized for AccessControlDataMod.

Integration Notes

Shared Storage

This module interacts with diamond storage at the STORAGE_POSITION defined by keccak256("compose.accesscontrol"). All functions operate on the AccessControlStorage struct, which is shared across all facets within the diamond. Changes to roles made by other facets or modules are immediately reflected when calling hasRole or requireRole.

Was this helpful?

Last updated:March 13, 2026

Overview​

Storage​

AccessControlStorage​

State Variables​

Functions​

getStorage​

hasRole​

requireRole​

Errors​

Best Practices​

Integration Notes​

Newsletter