Access Control Grant Module

Grant roles to accounts within a diamond

Key Features

• Internal functions for role granting, suitable for custom facets.
• Leverages the diamond storage pattern for shared state management.
• Emits RoleGranted event upon successful role assignment.
• Reverts with AccessControlUnauthorizedAccount if caller lacks admin rights.

Module Usage

This module provides internal functions for use in your custom facets. Import it to access shared logic and storage.

Overview

This module provides internal functions for granting roles to specific accounts. Facets can import and utilize this module to manage role assignments using shared diamond storage. Changes to role assignments are immediately reflected across all facets that access the same storage.

Storage

AccessControlStorage

storage struct for the AccessControl. storage-location: erc8042:compose.accesscontrol

Definition

struct AccessControlStorage {
  mapping(address account => mapping(bytes32 role => bool hasRole)) hasRole;
  mapping(bytes32 role => bytes32 adminRole) adminRole;
}

State Variables

Property	Type	Description
STORAGE_POSITION	bytes32	Diamond storage slot position for this module (Value: keccak256("compose.accesscontrol"))

Functions

getStorage

Returns the storage for the AccessControl.

function getStorage() pure returns (AccessControlStorage storage _s);

Returns:

Property	Type	Description
_s	AccessControlStorage	The storage for the AccessControl.

---

grantRole

function to grant a role to an account. Reverts with AccessControlUnauthorizedAccount If the caller is not the admin of the role.

function grantRole(bytes32 _role, address _account) returns (bool);

Parameters:

Property	Type	Description
_role	bytes32	The role to grant.
_account	address	The account to grant the role to.

Returns:

Property	Type	Description
-	bool	True if the role was granted, false otherwise.

Events

Emitted when a role is granted to an account.

Signature:

event RoleGranted(bytes32 indexed _role, address indexed _account, address indexed _sender);

Parameters:

Property	Type	Description
_role	bytes32	The role that was granted.
_account	address	The account that was granted the role.
_sender	address	The sender that granted the role.

Errors

Thrown when the account does not have a specific role.

Signature:

error AccessControlUnauthorizedAccount(address _account, bytes32 _role);

Best Practices

Best Practice

• Ensure the caller has the necessary administrative permissions before invoking grantRole.
• Handle the AccessControlUnauthorizedAccount error appropriately in calling facets.
• Verify that the AccessControlGrantMod module is initialized with the correct diamond storage position.

Integration Notes

Shared Storage

This module interacts with diamond storage at a predefined STORAGE_POSITION identified by keccak2535("compose.accesscontrol"). The grantRole function directly modifies the shared AccessControlStorage struct, making role assignments immediately visible to all facets accessing this storage. The getStorage function provides access to the current storage layout without modifying state.

Was this helpful?

Last updated:March 13, 2026