Access Control Revoke Batch Facet

Revoke roles from multiple accounts efficiently

Key Features

• Enables batch revocation of roles for improved gas efficiency.
• Integrates with diamond storage via STORAGE_POSITION.
• Emits RoleRevoked event for each revoked account.
• Includes exportSelectors for facet discovery.

Overview

This facet provides an efficient way to revoke a specified role from multiple accounts in a single transaction. It integrates with the diamond's shared storage to manage access control state. Developers can add this facet to their diamond to streamline batch role revocations.

Storage

AccessControlStorage

Definition

struct AccessControlStorage {
  mapping(address account => mapping(bytes32 role => bool hasRole)) hasRole;
  mapping(bytes32 role => bytes32 adminRole) adminRole;
}

State Variables

Property	Type	Description
STORAGE_POSITION	bytes32	Diamond storage slot position for this module (Value: keccak256("compose.accesscontrol"))

Functions

revokeRoleBatch

Revokes a role from multiple accounts in a single transaction. Emits a RoleRevoked event for each account the role is revoked from. Reverts with AccessControlUnauthorizedAccount If the caller is not the admin of the role.

function revokeRoleBatch(bytes32 _role, address[] calldata _accounts) external;

Parameters:

Property	Type	Description
_role	bytes32	The role to revoke.
_accounts	address[]	The accounts to revoke the role from.

---

exportSelectors

Exports the selectors that are exposed by the facet.

function exportSelectors() external pure returns (bytes memory);

Returns:

Property	Type	Description
-	bytes	Selectors that are exported by the facet.

Events

Emitted when a role is revoked from an account.

Signature:

event RoleRevoked(bytes32 indexed _role, address indexed _account, address indexed _sender);

Parameters:

Property	Type	Description
_role	bytes32	The role that was revoked.
_account	address	The account from which the role was revoked.
_sender	address	The account that revoked the role.

Errors

Thrown when the account does not have a specific role.

Signature:

error AccessControlUnauthorizedAccount(address _account, bytes32 _role);

Best Practices

Best Practice

• Ensure the caller has the necessary administrative privileges to revoke the specified role.
• Verify the AccessControlStorage struct in diamond storage is correctly initialized before using this facet.
• Use exportSelectors to discover the facet's capabilities during diamond upgrades.

Security Considerations

Security

Access to revokeRoleBatch is restricted to authorized callers, enforced by the AccessControlUnauthorizedAccount error. Ensure the caller possesses the administrative rights for the target role. The function operates on shared diamond storage; maintain invariants of the AccessControlStorage struct. Follow standard Solidity security practices for input validation and reentrancy.

Was this helpful?

Last updated:March 13, 2026