- Support for granting and revoking roles to individual accounts or in batches.
30
-
-Built-in check functions (`hasRole`, `requireRole`) for easy permission verification.
31
-
-Renounce role functionality for accounts to give up their own permissions.
28
+
-Role-based access control (RBAC) for granular permissions.
29
+
- Support for granting and revoking roles to/from accounts.
30
+
-Batch operations for efficient role management of multiple accounts.
31
+
-Default admin role for bootstrapping access control.
32
32
</Callout>
33
33
34
34
## Overview
35
35
36
-
The AccessControlFacet provides a robust role-based access control (RBAC) system for Compose diamonds. It allows for granular permission management, enabling administrators to grant, revoke, and renounce roles for specific accounts. This facet is crucial for securing administrative functions and controlling access to sensitive operations within the diamond.
36
+
The AccessControlFacet provides a robust role-based access control (RBAC) system. It allows defining roles, assigning them to accounts, and enforcing permissions based on these roles. This facet is crucial for orchestrating access to sensitive functions within a diamond, ensuring only authorized entities can perform specific actions.
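Review bot: The rewritten Key Features list and Overview no longer mention renouncing roles or the `hasRole` / `requireRole` check functions, all of which the removed lines documented. The usage example further down this page still calls `accessControl.hasRole(...)`, so at least the check functions remain part of the facet. Keep a bullet for the check functions and for role renunciation if the facet still exposes it, and list grant, revoke and renounce in the overview as the old text did, so the full set of ways an account can gain or lose a role stays visible to a reader auditing the permission model.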
require(accessControl.hasRole(AccessControlFacet.DEFAULT_ADMIN_ROLE, msg.sender), "Caller: Not admin");
500
501
}
501
502
}`}
502
503
</ExpandableCode>
503
504
504
505
## Best Practices
505
506
506
507
<Callouttype="tip"title="Best Practice">
507
-
-Ensure the `DEFAULT_ADMIN_ROLE` is granted to the initial deployer or multisig for diamond ownership.
508
-
-Use role hierarchies by setting role admins appropriately to delegate permission management.
509
-
-Batch role grants and revokes (`grantRoleBatch`, `revokeRoleBatch`) for gas efficiency when managing multiple accounts.
508
+
-Initialize roles and grant initial permissions during diamond deployment or upgrade. Use `grantRole`for single assignments and `grantRoleBatch` for multiple accounts to the same role.
509
+
-Define role hierarchies carefully using `setRoleAdmin` to ensure proper administrative control over role assignments.
510
+
-Integrate `requireRole` checks directly within functions that require specific permissions, ensuring granular access control.
510
511
</Callout>
511
512
512
513
## Security Considerations
513
514
514
515
<Callouttype="warning"title="Security">
515
-
Access control checks are enforced at the function level. Ensure that callers attempting to manage roles (grant, revoke, set admin) possess the necessary administrative privileges for the target role. Reentrancy is not a direct concern for role management functions, but ensure that any functions that *grant* roles do not have reentrancy vulnerabilities if they call external contracts. All role operations are protected against unauthorized callers via `AccessControlUnauthorizedAccount` and `AccessControlUnauthorizedSender` errors.
516
+
Ensure that the caller is authorized before granting or revoking roles by checking their current role membership. Use `requireRole` to protect sensitive functions. Be mindful of gas costs for batch operations, especially with a large number of accounts. The `DEFAULT_ADMIN_ROLE` is critical for initial setup and should be managed securely.
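Review bot: In the Security callout, the new text drops both the statement that checks are enforced at the function level and the two error names, `AccessControlUnauthorizedAccount` and `AccessControlUnauthorizedSender`. The replacement, "Ensure that the caller is authorized before granting or revoking roles by checking their current role membership", reads as if the integrator has to perform that check. State explicitly whether the role management functions revert for unauthorized callers and with which error, and keep the removed caveat about role-granting functions that call external contracts. In the Best Practice list, the removed bullet about granting `DEFAULT_ADMIN_ROLE` to the initial deployer or multisig is more actionable than "should be managed securely" and is worth retaining.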
- Role-based access control for granular permission management.
29
-
- Functions to grant, revoke, and check role assignments for accounts.
30
-
- Ability to define and manage administrative roles for other roles.
29
+
- Functions to grant, revoke, and check for role ownership.
30
+
- Ability to set and change the administrative role for any given role.
31
31
</Callout>
32
32
33
33
<Callouttype="info"title="Module Usage">
@@ -36,7 +36,7 @@ This module provides internal functions for use in your custom facets. Import it
36
36
37
37
## Overview
38
38
39
-
The AccessControl module provides a robust system for managing roles and permissions within your Compose diamond. It allows you to define granular access levels for different accounts, ensuring that only authorized entities can perform sensitive operations. This module is crucial for building secure and auditable decentralized applications.
39
+
The AccessControl module provides a robust system for managing roles and permissions within a Compose diamond. It allows for granular control over who can perform specific actions by assigning roles to accounts. This ensures secure and predictable execution of diamond functions by enforcing authorization checks.
- Use `requireRole`for access control checks to ensure correct authorization before executing critical functions.
430
-
-Define custom roles using `keccak256` for specific functionalities and manage their assignments and admin roles effectively.
431
-
-Be mindful of role administration: ensure the `DEFAULT_ADMIN_ROLE` is secured and `setRoleAdmin` is used judiciously.
428
+
- Use `requireRole`internally within facets to enforce access control checks before executing sensitive operations.
429
+
-Ensure the `DEFAULT_ADMIN_ROLE` is appropriately managed, typically by the diamond's owner or a designated multi-sig.
430
+
-When revoking roles, be mindful of potential cascading effects on dependent permissions.
432
431
</Callout>
433
432
434
433
## Integration Notes
435
434
436
435
<Callouttype="success"title="Shared Storage">
437
-
The AccessControl module stores its state within the diamond's storage. Facets interact with it by calling its external functions via the diamond proxy address. Ensure the AccessControl facet is correctly initialized within the diamond's deployment process. Any changes to role assignments or admin roles made through this module are immediately reflected across all facets interacting with the diamond.
436
+
The AccessControl module utilizes a dedicated storage slot within the diamond's state. Facets interacting with AccessControl should use the `IAccessControl` interface. Functions like `grantRole`, `revokeRole`, `hasRole`, `requireRole`, and `setRoleAdmin` operate on this shared storage. Changes made via this module are immediately visible to all facets.
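Review bot: In the Shared Storage callout, the added sentence "Facets interacting with AccessControl should use the `IAccessControl` interface" conflicts with the Module Usage text on this page ("This module provides internal functions for use in your custom facets") and with the new best practice to use `requireRole` internally within facets. Describe one integration path consistently, or say when each applies. "A dedicated storage slot" should also say how the slot is identified, since every facet sharing this state depends on it, and the new bullet about "cascading effects on dependent permissions" needs a concrete case to be actionable. The removed bullet on defining custom roles with `keccak256` was the only guidance on role identifiers in this list; consider keeping it.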
Manage roles and pausing functionality within a diamond.
24
+
Manage role pausing and access control within a diamond.
25
25
</DocSubtitle>
26
26
27
27
<Callouttype="info"title="Key Features">
28
28
- Role-specific pausing and unpausing capabilities.
29
-
-Integration with existing diamond access control mechanisms.
30
-
-Reverts with specific errors for unauthorized access or paused roles.
29
+
-Integrates seamlessly with existing Access Control mechanisms.
30
+
-Emits events for state changes, facilitating off-chain monitoring.
31
31
</Callout>
32
32
33
33
## Overview
34
34
35
-
This facet provides granular control over role-based access and allows for the temporary pausing of specific roles. It integrates with the diamond's access control system, enabling administrators to pause operations for a role, preventing any account from utilizing it until unpaused. This enhances security and operational flexibility during critical events.
35
+
This facet provides granular control over role execution by allowing specific roles to be temporarily paused. It integrates with the Access Control system, enabling administrators to halt operations for a role and resume them later. This is crucial for maintenance or emergency situations.
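Review bot: The Key Features list replaces "Reverts with specific errors for unauthorized access or paused roles" with "Emits events for state changes", so the page no longer tells integrators how a paused role or an unauthorized caller surfaces at call time. Keep the revert bullet alongside the new one, and name the events so off-chain monitoring can be set up from the docs alone. The new Overview also drops the statement that pausing prevents any account from using the role until it is unpaused; that sentence defined the scope of a pause and should stay.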
- Ensure the `AccessControlPausableFacet` is added to the diamond using `diamondCut` with the correct selectors.
326
-
- Call `pauseRole` and `unpauseRole` only with valid role identifiers.
327
-
- Implement `requireRoleNotPaused` within functions that should be protected by role pausing.
318
+
- Ensure the caller has the necessary administrative role before attempting to pause or unpause another role.
319
+
- Utilize `requireRoleNotPaused` within other facets to enforce the paused state of roles before executing sensitive operations.
328
320
</Callout>
329
321
330
322
## Security Considerations
331
323
332
324
<Callouttype="warning"title="Security">
333
-
Access to `pauseRole` and `unpauseRole` is restricted to the admin of the specific role. The `requireRoleNotPaused` function ensures that operations tied to a role cannot be executed when that role is paused, preventing unintended actions. Ensure role administration is correctly configured to prevent unauthorized pausing or unpausing.
325
+
Access to `pauseRole` and `unpauseRole` is restricted to the administrator of the specific role, preventing unauthorized pausing. The `requireRoleNotPaused` function ensures that operations tied to a role are blocked if that role is paused, preventing unintended executions during maintenance or emergencies. Reentrancy is not a direct concern for the pause/unpause functions themselves, but dependent operations in other facets must be carefully audited.
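Review bot: The Best Practice list no longer says to add `AccessControlPausableFacet` through `diamondCut` with the correct selectors, and the replacement bullet, "Ensure the caller has the necessary administrative role", restates what the Security callout already describes as enforced. Restore the `diamondCut` bullet, since it is a deployment step the remaining bullets do not cover. In the Security callout, "dependent operations in other facets must be carefully audited" gives no criterion; say what to verify, for example that each such function calls `requireRoleNotPaused` before doing anything else.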