Access Control Revoke Batch Module

Revoke roles from multiple accounts efficiently

Key Features

• Provides an internal function revokeRoleBatch for batch role revocation.
• Operates on shared diamond storage, ensuring state consistency across facets.
• Emits RoleRevoked events for each account processed.
• Reverts with AccessControlUnauthorizedAccount if the caller lacks administrative rights for the role.

Module Usage

This module provides internal functions for use in your custom facets. Import it to access shared logic and storage.

Overview

This module provides an internal function to revoke a specified role from multiple accounts in a single transaction. By batching these operations, it reduces gas costs and simplifies the process for administrators managing access control within a diamond. Changes are immediately reflected across all facets interacting with the shared access control storage.

Storage

AccessControlStorage

storage struct for the AccessControl. storage-location: erc8042:compose.accesscontrol

Definition

struct AccessControlStorage {
  mapping(address account => mapping(bytes32 role => bool hasRole)) hasRole;
  mapping(bytes32 role => bytes32 adminRole) adminRole;
}

State Variables

Property	Type	Description
STORAGE_POSITION	bytes32	Diamond storage slot position for this module (Value: keccak256("compose.accesscontrol"))

Functions

getStorage

Returns the storage for the AccessControl.

function getStorage() pure returns (AccessControlStorage storage _s);

Returns:

Property	Type	Description
_s	AccessControlStorage	The storage for the AccessControl.

---

revokeRoleBatch

function to revoke a role from multiple accounts in a single transaction. Emits a {RoleRevoked} event for each account the role is revoked from. Reverts with AccessControlUnauthorizedAccount If the caller is not the admin of the role.

function revokeRoleBatch(bytes32 _role, address[] calldata _accounts) ;

Parameters:

Property	Type	Description
_role	bytes32	The role to revoke.
_accounts	address[]	The accounts to revoke the role from.

Events

Emitted when a role is revoked from an account.

Signature:

event RoleRevoked(bytes32 indexed _role, address indexed _account, address indexed _sender);

Parameters:

Property	Type	Description
_role	bytes32	The role that was revoked.
_account	address	The account from which the role was revoked.
_sender	address	The account that revoked the role.

Errors

Thrown when the account does not have a specific role.

Signature:

error AccessControlUnauthorizedAccount(address _account, bytes32 _role);

Best Practices

Best Practice

• Ensure the caller of revokeRolesFromAccounts within your facet has the necessary permissions (e.g., admin role) to revoke the specified role, as enforced by the diamond's access control mechanism.
• Verify that the AccessControlRevokeBatchMod module is correctly initialized and accessible via its address.
• Handle the AccessControlUnauthorizedAccount error if the caller lacks the required administrative privileges for the role.

Integration Notes

Shared Storage

This module interacts with diamond storage at the STORAGE_POSITION slot, identified by keccak256(\"compose.accesscontrol\"). It reads and writes to the AccessControlStorage struct. The revokeRoleBatch function modifies role assignments within this shared storage. Any facet that subsequently reads from this storage will see the updated role assignments immediately, ensuring consistency across the diamond.

Was this helpful?

Last updated:March 13, 2026