AccessControlUpgradeable
Last updated
Last updated
Contract module that allows children to implement role-based access control mechanisms. Roles are referred to by their bytes32
identifier. These should be exposed in the external API and be unique. The best way to achieve this is by using public constant
hash digests: bytes32 public constant MY_ROLE = keccak256("MY_ROLE");
Roles can be used to represent a set of permissions. To restrict access to a function call, use {hasRole}: function foo() public { require(hasRole(MY_ROLE, msg.sender)); ... }
Roles can be granted and revoked dynamically via the {grantRole} and {revokeRole} functions. Each role has an associated admin role, and only accounts that have a role's admin role can call {grantRole} and {revokeRole}. By default, the admin role for all roles is DEFAULT_ADMIN_ROLE
, which means that only accounts with this role will be able to grant or revoke other roles. More complex role relationships can be created by using {_setRoleAdmin}. WARNING: The DEFAULT_ADMIN_ROLE
is also its own admin: it has permission to grant and revoke this role. Extra precautions should be taken to secure accounts that have been granted it.
Name | Type | Description |
---|---|---|
Returns the admin role that controls role
. See {grantRole} and {revokeRole}. To change a role's admin, use {_setRoleAdmin}.
Name | Type | Description |
---|---|---|
Name | Type | Description |
---|---|---|
Returns one of the accounts that have role
. index
must be a value between 0 and {getRoleMemberCount}, non-inclusive. Role bearers are not sorted in any particular way, and their ordering may change at any point. WARNING: When using {getRoleMember} and {getRoleMemberCount}, make sure you perform all queries on the same block. See the following https://forum.openzeppelin.com/t/iterating-over-elements-on-enumerableset-in-openzeppelin-contracts/2296[forum post] for more information.
Returns the number of accounts that have role
. Can be used together with {getRoleMember} to enumerate all bearers of a role.
Grants role
to account
. If account
had not been already granted role
, emits a {RoleGranted} event. Requirements: - the caller must have role
's admin role.
Returns true
if account
has been granted role
.
Revokes role
from the calling account. Roles are often managed via {grantRole} and {revokeRole}: this function's purpose is to provide a mechanism for accounts to lose their privileges if they are compromised (such as when a trusted device is misplaced). If the calling account had been granted role
, emits a {RoleRevoked} event. Requirements: - the caller must be account
.
Revokes role
from account
. If account
had been granted role
, emits a {RoleRevoked} event. Requirements: - the caller must have role
's admin role.
Emitted when newAdminRole
is set as role
's admin role, replacing previousAdminRole
DEFAULT_ADMIN_ROLE
is the starting admin for all roles, despite {RoleAdminChanged} not being emitted signaling this. Available since v3.1.
Emitted when account
is granted role
. sender
is the account that originated the contract call, an admin role bearer except when using {_setupRole}.
Emitted when account
is revoked role
. sender
is the account that originated the contract call: - if using revokeRole
, it is the admin role bearer - if using renounceRole
, it is the role bearer (i.e. account
)
Name | Type | Description |
---|---|---|
Name | Type | Description |
---|---|---|
Name | Type | Description |
---|---|---|
Name | Type | Description |
---|---|---|
Name | Type | Description |
---|---|---|
Name | Type | Description |
---|---|---|
Name | Type | Description |
---|---|---|
Name | Type | Description |
---|---|---|
Name | Type | Description |
---|---|---|
Name | Type | Description |
---|---|---|
Name | Type | Description |
---|---|---|
Name | Type | Description |
---|---|---|
_0
bytes32
undefined
role
bytes32
undefined
_0
bytes32
undefined
role
bytes32
undefined
index
uint256
undefined
_0
address
undefined
role
bytes32
undefined
_0
uint256
undefined
role
bytes32
undefined
account
address
undefined
role
bytes32
undefined
account
address
undefined
_0
bool
undefined
role
bytes32
undefined
account
address
undefined
role
bytes32
undefined
account
address
undefined
role indexed
bytes32
undefined
previousAdminRole indexed
bytes32
undefined
newAdminRole indexed
bytes32
undefined
role indexed
bytes32
undefined
account indexed
address
undefined
sender indexed
address
undefined
role indexed
bytes32
undefined
account indexed
address
undefined
sender indexed
address
undefined