Access Control Revoke Facet

Revokes roles from accounts within a diamond

Key Features

• Revokes roles from accounts using diamond storage.
• Emits RoleRevoked event upon successful revocation.
• Reverts with AccessControlUnauthorizedAccount if the caller lacks administrative privileges for the role.
• Exports facet selectors via exportSelectors.

Overview

This facet provides functionality to revoke roles from specific accounts within a Compose diamond. It interacts with shared diamond storage to manage role assignments. Developers integrate this facet to enable dynamic permission management, ensuring only authorized entities can perform certain actions.

Storage

AccessControlStorage

Definition

struct AccessControlStorage {
  mapping(address account => mapping(bytes32 role => bool hasRole)) hasRole;
  mapping(bytes32 role => bytes32 adminRole) adminRole;
}

State Variables

Property	Type	Description
STORAGE_POSITION	bytes32	Diamond storage slot position for this module (Value: keccak256("compose.accesscontrol"))

Functions

revokeRole

Revokes a role from an account. Emits a RoleRevoked event. Reverts with AccessControlUnauthorizedAccount If the caller is not the admin of the role.

function revokeRole(bytes32 _role, address _account) external;

Parameters:

Property	Type	Description
_role	bytes32	The role to revoke.
_account	address	The account to revoke the role from.

---

exportSelectors

Exports the selectors that are exposed by the facet.

function exportSelectors() external pure returns (bytes memory);

Returns:

Property	Type	Description
-	bytes	Selectors that are exported by the facet.

Events

Emitted when a role is revoked from an account.

Signature:

event RoleRevoked(bytes32 indexed _role, address indexed _account, address indexed _sender);

Parameters:

Property	Type	Description
_role	bytes32	The role that was revoked.
_account	address	The account from which the role was revoked.
_sender	address	The account that revoked the role.

Errors

Thrown when the account does not have a specific role.

Signature:

error AccessControlUnauthorizedAccount(address _account, bytes32 _role);

Best Practices

Best Practice

• Enforce access control on the revokeRole function to ensure only authorized callers can revoke roles.
• Ensure the AccessControlRevokeMod is properly integrated and initialized to manage role revocation logic.
• Verify that the AccessControlStorage struct in diamond storage is compatible before upgrading or adding this facet.

Security Considerations

Security

The revokeRole function is protected by an access control mechanism, reverting with AccessControlUnauthorizedAccount if the caller is not the administrator of the specified role. Follow standard Solidity security practices for input validation and state management. Ensure proper initialization of roles and accounts before attempting revocation.

Was this helpful?

Last updated:March 13, 2026