Contract module that allows children to implement role-based access control mechanisms. This is a lightweight version that doesn't allow enumerating role members except through off-chain means by accessing the contract event logs. Some applications may benefit from on-chain enumerability, for those cases see {AccessControlEnumerable}. Roles are referred to by their bytes32 identifier. These should be exposed in the external API and be unique. The best way to achieve this is by using public constant hash digests: solidity bytes32 public constant MY_ROLE = keccak256("MY_ROLE"); Roles can be used to represent a set of permissions. To restrict access to a function call, use {hasRole}: solidity function foo() public { require(hasRole(MY_ROLE, msg.sender)); ... } Roles can be granted and revoked dynamically via the {grantRole} and {revokeRole} functions. Each role has an associated admin role, and only accounts that have a role's admin role can call {grantRole} and {revokeRole}. By default, the admin role for all roles is DEFAULT_ADMIN_ROLE, which means that only accounts with this role will be able to grant or revoke other roles. More complex role relationships can be created by using {_setRoleAdmin}. WARNING: The DEFAULT_ADMIN_ROLE is also its own admin: it has permission to grant and revoke this role. Extra precautions should be taken to secure accounts that have been granted it. We recommend using {AccessControlDefaultAdminRules} to enforce additional security measures for this role.
Methods
DEFAULT_ADMIN_ROLE
function DEFAULT_ADMIN_ROLE() external view returns (bytes32)
Returns
Name
Type
Description
_0
bytes32
undefined
getRoleAdmin
function getRoleAdmin(bytes32 role) external view returns (bytes32)
Returns the admin role that controls role. See {grantRole} and {revokeRole}. To change a role's admin, use {_setRoleAdmin}.
Parameters
Name
Type
Description
role
bytes32
undefined
Returns
Name
Type
Description
_0
bytes32
undefined
grantRole
function grantRole(bytes32 role, address account) external nonpayable
Grants role to account. If account had not been already granted role, emits a {RoleGranted} event. Requirements: - the caller must have role's admin role. May emit a {RoleGranted} event.
Parameters
Name
Type
Description
role
bytes32
undefined
account
address
undefined
hasRole
function hasRole(bytes32 role, address account) external view returns (bool)
Returns true if account has been granted role.
Parameters
Name
Type
Description
role
bytes32
undefined
account
address
undefined
Returns
Name
Type
Description
_0
bool
undefined
renounceRole
function renounceRole(bytes32 role, address account) external nonpayable
Revokes role from the calling account. Roles are often managed via {grantRole} and {revokeRole}: this function's purpose is to provide a mechanism for accounts to lose their privileges if they are compromised (such as when a trusted device is misplaced). If the calling account had been revoked role, emits a {RoleRevoked} event. Requirements: - the caller must be account. May emit a {RoleRevoked} event.
Parameters
Name
Type
Description
role
bytes32
undefined
account
address
undefined
revokeRole
function revokeRole(bytes32 role, address account) external nonpayable
Revokes role from account. If account had been granted role, emits a {RoleRevoked} event. Requirements: - the caller must have role's admin role. May emit a {RoleRevoked} event.
Parameters
Name
Type
Description
role
bytes32
undefined
account
address
undefined
supportsInterface
function supportsInterface(bytes4 interfaceId) external view returns (bool)
Emitted when newAdminRole is set as role's admin role, replacing previousAdminRoleDEFAULT_ADMIN_ROLE is the starting admin for all roles, despite {RoleAdminChanged} not being emitted signaling this. _Available since v3.1._
Emitted when account is granted role. sender is the account that originated the contract call, an admin role bearer except when using {AccessControl-_setupRole}.
Emitted when account is revoked role. sender is the account that originated the contract call: - if using revokeRole, it is the admin role bearer - if using renounceRole, it is the role bearer (i.e. account)