Each Fraction Platform uses a role-based access control system by integrating the AccessControlFacet. This facet enables fine-grained access management by assigning roles identified with bytes32 identifiers, allowing for precise control and delegation of responsibilities.

Admin Role

The Admin is distinct from the owner of the platform's diamond proxy and does not possess the same privileges. This role represents the central authority for managing all roles except default ones within the platform.

Default Role: OPEN_ROLE

Every account inherently possesses the OPEN_ROLE. This role cannot be granted or revoked as it is the default.

Role Management Capabilities

Admin Privileges

Admins can grant and revoke all roles except for ADMIN_ROLE and OPEN_ROLE. Furthermore, they can designate or dismiss users as role handlers using the addRoleHandler() and removeRoleHandler functions.

Additionally, an Admin can transfer their rights to another user via the changeAdmin() function. Only one Admin is supported per platform.

Role Handlers

Designated handlers can only manage the roles they are assigned to. They can grant or revoke their managed roles from/to users.

Admin Role Restrictions

The Admin role cannot Grant or revoke ADMIN_ROLE and cannot grant or revoke OPEN_ROLE.

Role Assignments

The Admin is a handler of all roles except for ADMIN_ROLE and OPEN_ROLE. Only one Admin is supported per Fraction Platform instance.