Access Control Revoke Module

Revoke roles from accounts using diamond storage

Key Features

• Functions are internal, designed for use within other diamond facets.
• Leverages the diamond storage pattern for shared state management.
• Emits a RoleRevoked event upon successful role revocation.
• No external dependencies, ensuring composability.

Module Usage

This module provides internal functions for use in your custom facets. Import it to access shared logic and storage.

Overview

This module provides internal functions to revoke roles from accounts within a diamond. By utilizing shared diamond storage, changes made through this module are immediately visible to all facets accessing the same storage. This ensures consistent access control across the diamond.

Storage

AccessControlStorage

storage struct for the AccessControl. storage-location: erc8042:compose.accesscontrol

Definition

struct AccessControlStorage {
  mapping(address account => mapping(bytes32 role => bool hasRole)) hasRole;
  mapping(bytes32 role => bytes32 adminRole) adminRole;
}

State Variables

Property	Type	Description
STORAGE_POSITION	bytes32	Diamond storage slot position for this module (Value: keccak256("compose.accesscontrol"))

Functions

getStorage

Returns the storage for the AccessControl.

function getStorage() pure returns (AccessControlStorage storage _s);

Returns:

Property	Type	Description
_s	AccessControlStorage	The storage for the AccessControl.

---

revokeRole

function to revoke a role from an account. Reverts with AccessControlUnauthorizedAccount If the caller is not the admin of the role.

function revokeRole(bytes32 _role, address _account) returns (bool);

Parameters:

Property	Type	Description
_role	bytes32	The role to revoke.
_account	address	The account to revoke the role from.

Returns:

Property	Type	Description
-	bool	True if the role was revoked, false otherwise.

Events

Emitted when a role is revoked from an account.

Signature:

event RoleRevoked(bytes32 indexed _role, address indexed _account, address indexed _sender);

Parameters:

Property	Type	Description
_role	bytes32	The role that was revoked.
_account	address	The account from which the role was revoked.
_sender	address	The account that revoked the role.

Errors

Thrown when the account does not have a specific role.

Signature:

error AccessControlUnauthorizedAccount(address _account, bytes32 _role);

Best Practices

Best Practice

• Ensure that the caller has the necessary permissions to revoke the specified role before calling revokeRole.
• Verify that the AccessControlStorage struct layout in AccessControlRevokeMod is compatible with other facets accessing the same storage slot during diamond upgrades.
• Handle the AccessControlUnauthorizedAccount error, which is reverted if the caller is not authorized to revoke the role.

Integration Notes

Shared Storage

This module interacts with diamond storage at the slot identified by STORAGE_POSITION, keyed as keccak2535('compose.accesscontrol'). The AccessControlStorage struct, though empty in this specific definition, is managed at this slot. Functions within this module directly read from and write to this shared storage. Any changes to role assignments made via revokeRole are immediately reflected for all facets that access the same storage slot, ensuring data consistency across the diamond.

Was this helpful?

Last updated:March 13, 2026