Access Control Revoke Batch Facet
Provides an efficient way to revoke a specified role from multiple accounts in a single transaction.
- Revokes a single role across many accounts in one transaction for operational and gas efficiency.
- Enforces role-admin authorization using before any state changes.
- Performs selective revocation: accounts without the role are skipped without reverting.
Storage
AccessControlStorage
State Variables
| Property | Type | Description |
|---|---|---|
| STORAGE_POSITION | bytes32 | Diamond storage slot position for this module (Value: keccak256("compose.accesscontrol")) |
Functions
revokeRoleBatch
Revokes _role from each address in _accounts that currently has it. The caller must have the admin role of the role to revoke.
Parameters:
| Property | Type | Description |
|---|---|---|
| _role | bytes32 | The role to revoke. |
| _accounts | address[] | The accounts to revoke the role from. |
- The function does not deduplicate _accounts; duplicate addresses are processed in order.
- Because state is updated on first successful revocation, repeated addresses usually emit once and then no-op.
- An empty _accounts array is valid and performs no revocations after the authorization check.
- Authorization depends on the current adminRole mapping for _role.
Events
Errors
Best Practices
- Ensure role administration is initialized correctly so adminRole[_role] points to the intended admin role.
- Validate account lists off-chain where possible (remove obvious duplicates, chunk large batches).
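The off-chain preparation described above, as an added JavaScript example that is not part of the Compose code base: it validates, deduplicates and chunks an account list, and models the documented skip-without-revert behaviour to show that the planned batches revoke the same accounts as the raw list. MAX_BATCH, the function names and the sample addresses are assumptions made for illustration.

```javascript
// Added example (not Compose code): prepare an _accounts list off-chain.
// MAX_BATCH is an assumed cap; derive a real one from gas estimates.
const MAX_BATCH = 3;
// Format check only; EIP-55 checksum verification is not performed here.
const ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/;

// Validate, deduplicate case-insensitively (first-seen order), then chunk.
// Fails closed: a malformed entry aborts planning, because silently dropping
// it would leave an account holding the role.
function planRevocationBatches(accounts, maxBatch = MAX_BATCH) {
  if (!Number.isInteger(maxBatch) || maxBatch < 1) {
    throw new RangeError("maxBatch must be a positive integer");
  }
  const invalid = accounts.filter((a) => typeof a !== "string" || !ADDRESS_RE.test(a));
  if (invalid.length > 0) {
    throw new Error(`malformed addresses: ${JSON.stringify(invalid)}`);
  }
  const seen = new Set();
  const unique = [];
  for (const addr of accounts) {
    const key = addr.toLowerCase();
    if (!seen.has(key)) {
      seen.add(key);
      unique.push(key);
    }
  }
  const batches = [];
  for (let i = 0; i < unique.length; i += maxBatch) {
    batches.push(unique.slice(i, i + maxBatch));
  }
  return { batches, duplicatesRemoved: accounts.length - unique.length };
}

// Off-chain model of the documented semantics: holders lose the role;
// non-holders and repeated addresses are skipped without reverting.
// `holders` is a Set of lowercase addresses and is mutated like on-chain state.
function simulateRevokeRoleBatch(holders, accounts) {
  const revoked = [];
  for (const addr of accounts) {
    if (holders.delete(addr.toLowerCase())) revoked.push(addr.toLowerCase());
  }
  return revoked;
}

// Constructed sample input: A repeated in different case, D never held the role.
const A = "0x" + "a1".repeat(20), B = "0x" + "b2".repeat(20);
const C = "0x" + "c3".repeat(20), D = "0x" + "d4".repeat(20);
const SAMPLE = [A, B, A.toUpperCase().replace("0X", "0x"), C, D];
```

Each entry of `planRevocationBatches(SAMPLE).batches` is intended as the _accounts argument of one revokeRoleBatch transaction.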
Security Considerations
Access to revokeRoleBatch is restricted by role-based authorization and enforced with AccessControlUnauthorizedAccount. Since this facet operates on shared diamond storage, keep storage layout and access-control invariants consistent across all related facets. Large batches increase gas usage linearly with _accounts.length, so callers should split very large revocations into multiple transactions to avoid block gas issues.