# AccessControlUpgradeable *Contract module that allows children to implement role-based access control mechanisms. Roles are referred to by their `bytes32` identifier. These should be exposed in the external API and be unique. The best way to achieve this is by using `public constant` hash digests: `bytes32 public constant MY_ROLE = keccak256("MY_ROLE");` Roles can be used to represent a set of permissions. To restrict access to a function call, use {hasRole}: `function foo() public { require(hasRole(MY_ROLE, msg.sender)); ... }` Roles can be granted and revoked dynamically via the {grantRole} and {revokeRole} functions. Each role has an associated admin role, and only accounts that have a role's admin role can call {grantRole} and {revokeRole}. By default, the admin role for all roles is `DEFAULT_ADMIN_ROLE`, which means that only accounts with this role will be able to grant or revoke other roles. More complex role relationships can be created by using {\_setRoleAdmin}. WARNING: The `DEFAULT_ADMIN_ROLE` is also its own admin: it has permission to grant and revoke this role. Extra precautions should be taken to secure accounts that have been granted it.* ## Methods ### DEFAULT\_ADMIN\_ROLE ```solidity function DEFAULT_ADMIN_ROLE() external view returns (bytes32) ``` #### Returns | Name | Type | Description | | ---- | ------- | ----------- | | \_0 | bytes32 | undefined | ### getRoleAdmin ```solidity function getRoleAdmin(bytes32 role) external view returns (bytes32) ``` *Returns the admin role that controls `role`. See {grantRole} and {revokeRole}. To change a role's admin, use {\_setRoleAdmin}.* #### Parameters | Name | Type | Description | | ---- | ------- | ----------- | | role | bytes32 | undefined | #### Returns | Name | Type | Description | | ---- | ------- | ----------- | | \_0 | bytes32 | undefined | ### getRoleMember ```solidity function getRoleMember(bytes32 role, uint256 index) external view returns (address) ``` *Returns one of the accounts that have `role`. `index` must be a value between 0 and {getRoleMemberCount}, non-inclusive. Role bearers are not sorted in any particular way, and their ordering may change at any point. WARNING: When using {getRoleMember} and {getRoleMemberCount}, make sure you perform all queries on the same block. See the following post] for more information.* #### Parameters | Name | Type | Description | | ----- | ------- | ----------- | | role | bytes32 | undefined | | index | uint256 | undefined | #### Returns | Name | Type | Description | | ---- | ------- | ----------- | | \_0 | address | undefined | ### getRoleMemberCount ```solidity function getRoleMemberCount(bytes32 role) external view returns (uint256) ``` *Returns the number of accounts that have `role`. Can be used together with {getRoleMember} to enumerate all bearers of a role.* #### Parameters | Name | Type | Description | | ---- | ------- | ----------- | | role | bytes32 | undefined | #### Returns | Name | Type | Description | | ---- | ------- | ----------- | | \_0 | uint256 | undefined | ### grantRole ```solidity function grantRole(bytes32 role, address account) external nonpayable ``` *Grants `role` to `account`. If `account` had not been already granted `role`, emits a {RoleGranted} event. Requirements: - the caller must have `role`'s admin role.* #### Parameters | Name | Type | Description | | ------- | ------- | ----------- | | role | bytes32 | undefined | | account | address | undefined | ### hasRole ```solidity function hasRole(bytes32 role, address account) external view returns (bool) ``` *Returns `true` if `account` has been granted `role`.* #### Parameters | Name | Type | Description | | ------- | ------- | ----------- | | role | bytes32 | undefined | | account | address | undefined | #### Returns | Name | Type | Description | | ---- | ---- | ----------- | | \_0 | bool | undefined | ### renounceRole ```solidity function renounceRole(bytes32 role, address account) external nonpayable ``` *Revokes `role` from the calling account. Roles are often managed via {grantRole} and {revokeRole}: this function's purpose is to provide a mechanism for accounts to lose their privileges if they are compromised (such as when a trusted device is misplaced). If the calling account had been granted `role`, emits a {RoleRevoked} event. Requirements: - the caller must be `account`.* #### Parameters | Name | Type | Description | | ------- | ------- | ----------- | | role | bytes32 | undefined | | account | address | undefined | ### revokeRole ```solidity function revokeRole(bytes32 role, address account) external nonpayable ``` *Revokes `role` from `account`. If `account` had been granted `role`, emits a {RoleRevoked} event. Requirements: - the caller must have `role`'s admin role.* #### Parameters | Name | Type | Description | | ------- | ------- | ----------- | | role | bytes32 | undefined | | account | address | undefined | ## Events ### RoleAdminChanged ```solidity event RoleAdminChanged(bytes32 indexed role, bytes32 indexed previousAdminRole, bytes32 indexed newAdminRole) ``` *Emitted when `newAdminRole` is set as `role`'s admin role, replacing `previousAdminRole`* *`DEFAULT_ADMIN_ROLE` is the starting admin for all roles, despite {RoleAdminChanged} not being emitted signaling this. Available since v3.1.* #### Parameters | Name | Type | Description | | --------------------------- | ------- | ----------- | | role `indexed` | bytes32 | undefined | | previousAdminRole `indexed` | bytes32 | undefined | | newAdminRole `indexed` | bytes32 | undefined | ### RoleGranted ```solidity event RoleGranted(bytes32 indexed role, address indexed account, address indexed sender) ``` *Emitted when `account` is granted `role`. `sender` is the account that originated the contract call, an admin role bearer except when using {\_setupRole}.* #### Parameters | Name | Type | Description | | ----------------- | ------- | ----------- | | role `indexed` | bytes32 | undefined | | account `indexed` | address | undefined | | sender `indexed` | address | undefined | ### RoleRevoked ```solidity event RoleRevoked(bytes32 indexed role, address indexed account, address indexed sender) ``` *Emitted when `account` is revoked `role`. `sender` is the account that originated the contract call: - if using `revokeRole`, it is the admin role bearer - if using `renounceRole`, it is the role bearer (i.e. `account`)* #### Parameters | Name | Type | Description | | ----------------- | ------- | ----------- | | role `indexed` | bytes32 | undefined | | account `indexed` | address | undefined | | sender `indexed` | address | undefined |