Access

Contract modules for authorization and access control mechanisms.

Contracts

Ownable

Contract module which provides a basic access control mechanism, where there is an account (an owner) that can be granted exclusive access to specific functions.

By default, the owner account will be the one that deploys the contract. This can later be changed with transferOwnership.

This module is used through inheritance. It will make available the modifier onlyOwner, which can be applied to your functions to restrict their use to the owner.

Modifiers

onlyOwner() modifier

Throws if called by any account other than the owner.

constructor() internal

Initializes the contract setting the deployer as the initial owner.

owner() → address public

Returns the address of the current owner.

renounceOwnership() public

Leaves the contract without owner. It will not be possible to call onlyOwner functions anymore. Can only be called by the current owner.

Renouncing ownership will leave the contract without an owner, thereby removing any functionality that is only available to the owner.

transferOwnership(address newOwner) public

Transfers ownership of the contract to a new account (newOwner). Can only be called by the current owner.

OwnershipTransferred(address previousOwner, address newOwner) event

AccessControl

Contract module that allows children to implement role-based access control mechanisms.

Roles are referred to by their bytes32 identifier. These should be exposed in the external API and be unique. The best way to achieve this is by using public constant hash digests:

bytes32 public constant MY_ROLE = keccak256("MY_ROLE");

Roles can be used to represent a set of permissions. To restrict access to a function call, use hasRole:

function foo() public {
require(hasRole(MY_ROLE, msg.sender));
...
}

Roles can be granted and revoked dynamically via the grantRole and revokeRole functions. Each role has an associated admin role, and only accounts that have a role’s admin role can call grantRole and revokeRole.

By default, the admin role for all roles is DEFAULT_ADMIN_ROLE, which means that only accounts with this role will be able to grant or revoke other roles. More complex role relationships can be created by using _setRoleAdmin.

The DEFAULT_ADMIN_ROLE is also its own admin: it has permission to grant and revoke this role. Extra precautions should be taken to secure accounts that have been granted it.

hasRole(bytes32 role, address account) → bool public

Returns true if account has been granted role.

getRoleMemberCount(bytes32 role) → uint256 public

Returns the number of accounts that have role. Can be used together with getRoleMember to enumerate all bearers of a role.

getRoleMember(bytes32 role, uint256 index) → address public

Returns one of the accounts that have role. index must be a value between 0 and getRoleMemberCount, non-inclusive.

Role bearers are not sorted in any particular way, and their ordering may change at any point.

When using getRoleMember and getRoleMemberCount, make sure you perform all queries on the same block. See the following forum post for more information.

getRoleAdmin(bytes32 role) → bytes32 public

Returns the admin role that controls role. See grantRole and revokeRole.

To change a role’s admin, use _setRoleAdmin.

grantRole(bytes32 role, address account) public

Grants role to account.

If account had not been already granted role, emits a RoleGranted event.

Requirements:

  • the caller must have role's admin role.

revokeRole(bytes32 role, address account) public

Revokes role from account.

If account had been granted role, emits a RoleRevoked event.

Requirements:

  • the caller must have role's admin role.

renounceRole(bytes32 role, address account) public

Revokes role from the calling account.

Roles are often managed via grantRole and revokeRole: this function’s purpose is to provide a mechanism for accounts to lose their privileges if they are compromised (such as when a trusted device is misplaced).

If the calling account had been granted role, emits a RoleRevoked event.

Requirements:

  • the caller must be account.

_setupRole(bytes32 role, address account) internal

Grants role to account.

If account had not been already granted role, emits a RoleGranted event. Note that unlike grantRole, this function doesn’t perform any checks on the calling account.

This function should only be called from the constructor when setting up the initial roles for the system.

Using this function in any other way is effectively circumventing the admin system imposed by AccessControl.

_setRoleAdmin(bytes32 role, bytes32 adminRole) internal

Sets adminRole as role's admin role.

Emits a RoleAdminChanged event.

RoleAdminChanged(bytes32 role, bytes32 previousAdminRole, bytes32 newAdminRole) event

Emitted when newAdminRole is set as role's admin role, replacing previousAdminRole

DEFAULT_ADMIN_ROLE is the starting admin for all roles, despite RoleAdminChanged not being emitted signaling this.

Available since v3.1.

RoleGranted(bytes32 role, address account, address sender) event

Emitted when account is granted role.

sender is the account that originated the contract call, an admin role bearer except when using _setupRole.

RoleRevoked(bytes32 role, address account, address sender) event

Emitted when account is revoked role.

sender is the account that originated the contract call: - if using revokeRole, it is the admin role bearer - if using renounceRole, it is the role bearer (i.e. account)