Access Control Admin Module

Manage role administrators using diamond storage

Key Features

• Internal functions for role administration.
• Uses the diamond storage pattern for shared state.
• Emits RoleAdminChanged event upon successful administration changes.
• Reverts with AccessControlUnauthorizedAccount for unauthorized calls.

Module Usage

This module provides internal functions for use in your custom facets. Import it to access shared logic and storage.

Overview

This module provides internal functions for managing role administrators within a diamond. Facets can import this module to set and query role administration relationships, leveraging shared diamond storage. Changes are immediately visible to all facets accessing the same storage.

Storage

AccessControlStorage

Storage struct for the AccessControl. storage-location: erc8042:compose.accesscontrol

Definition

struct AccessControlStorage {
  mapping(address account => mapping(bytes32 role => bool hasRole)) hasRole;
  mapping(bytes32 role => bytes32 adminRole) adminRole;
}

State Variables

Property	Type	Description
STORAGE_POSITION	bytes32	Diamond storage slot position for this module (Value: keccak256("compose.accesscontrol"))

Functions

getStorage

Returns the storage for the AccessControl.

function getStorage() pure returns (AccessControlStorage storage s);

Returns:

Property	Type	Description
s	AccessControlStorage	The storage for the AccessControl.

---

setRoleAdmin

Sets the admin role for a role. Emits a {RoleAdminChanged} event. Reverts with AccessControlUnauthorizedAccount If the caller is not the current admin of the role.

function setRoleAdmin(bytes32 _role, bytes32 _adminRole) ;

Parameters:

Property	Type	Description
_role	bytes32	The role to set the admin for.
_adminRole	bytes32	The new admin role to set.

Events

Emitted when the admin role for a role is changed.

Signature:

event RoleAdminChanged(bytes32 indexed _role, bytes32 indexed _previousAdminRole, bytes32 indexed _newAdminRole);

Parameters:

Property	Type	Description
_role	bytes32	The role that was changed.
_previousAdminRole	bytes32	The previous admin role.
_newAdminRole	bytes32	The new admin role.

Errors

Thrown when the account does not have a specific role.

Signature:

error AccessControlUnauthorizedAccount(address _account, bytes32 _role);

Best Practices

Best Practice

• Ensure the caller has the necessary permissions before calling setRoleAdmin.
• Verify that the AccessControlStorage struct layout remains compatible across diamond upgrades.
• Handle the AccessControlUnauthorizedAccount error when the caller lacks administrative privileges.

Integration Notes

Shared Storage

This module interacts with the diamond's shared storage at the position identified by keccak2535("compose.accesscontrol"). The AccessControlStorage struct, though empty in definition, dictates the layout for access control data. Any changes made to role administrators via setRoleAdmin are immediately reflected in this shared storage and thus visible to all facets operating on the same diamond storage.

Was this helpful?

Last updated:March 13, 2026