Platform Access Control

Role Management

Overview

Any Fraction Platform employs a role-based access control system through the AccessControlFacet, where each role is identified by a bytes32 identifier. This system provides fine-grained access control and delegation of responsibilities.

Key Concepts

Admin Role

The Admin is distinct from the owner of the DiamondFactory.sol contract and does not possess the same privileges. This role represents the central authority for managing all roles except default ones within the platform.

Default Role: OPEN_ROLE

Every account inherently possesses the OPEN_ROLE. This role cannot be granted or revoked as it is the default.

Role Management Capabilities

Admin Privileges

Admins can grant and revoke all roles except for ADMIN_ROLE and OPEN_ROLE. Furthermore, they can designate or dismiss users as role handlers using the addRoleHandler() and removeRoleHandler() functions.

Role Handlers

Designated handlers can only manage the roles they are assigned to. They can grant their managed roles to users and revoke them from users.

Admin Role Restrictions

The Admin role cannot grant or revoke ADMIN_ROLE and cannot grant or revoke OPEN_ROLE.

Role Assignments

The Admin is a handler of all roles except for ADMIN_ROLE and OPEN_ROLE. Only one Admin is supported per Fraction Platform instance.
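The rules above can be written down as a small executable model and used as a reference when reviewing or testing an integration. This is an added example, not the AccessControlFacet code: the role ids are constructed placeholders, grant_role and revoke_role are hypothetical names, and it assumes handlers cannot be set for ADMIN_ROLE or OPEN_ROLE.

```python
def role_id(name: str) -> bytes:
    """Constructed 32-byte placeholder id; the platform's real bytes32 values are not shown here."""
    return name.encode().ljust(32, b"\0")

ADMIN_ROLE = role_id("ADMIN_ROLE")
OPEN_ROLE = role_id("OPEN_ROLE")
PROTECTED = {ADMIN_ROLE, OPEN_ROLE}   # no caller may grant, revoke or delegate these

class AccessDenied(Exception):
    """Raised when a caller is not allowed to perform a role operation."""

def _require(ok: bool, why: str) -> None:
    if not ok:
        raise AccessDenied(why)

class RoleModel:
    """Model of the documented rules; method names are hypothetical, not the facet's ABI."""
    def __init__(self, admin: str):
        self.admin = admin            # only one Admin per platform instance
        self.members = {}             # role id -> accounts holding the role
        self.handlers = {}            # role id -> accounts designated as handlers

    def has_role(self, role: bytes, account: str) -> bool:
        if role == OPEN_ROLE:
            return True               # every account inherently holds OPEN_ROLE
        if role == ADMIN_ROLE:
            return account == self.admin
        return account in self.members.get(role, set())

    def is_handler(self, role: bytes, account: str) -> bool:
        # The Admin handles every role except the protected ones.
        delegated = account in self.handlers.get(role, set())
        return role not in PROTECTED and (account == self.admin or delegated)

    def add_role_handler(self, caller: str, role: bytes, account: str) -> None:
        _require(caller == self.admin and role not in PROTECTED, "Admin only, unprotected roles only")
        self.handlers.setdefault(role, set()).add(account)

    def remove_role_handler(self, caller: str, role: bytes, account: str) -> None:
        _require(caller == self.admin and role not in PROTECTED, "Admin only, unprotected roles only")
        self.handlers.get(role, set()).discard(account)

    def grant_role(self, caller: str, role: bytes, account: str) -> None:
        _require(self.is_handler(role, caller), "caller does not manage this role")
        self.members.setdefault(role, set()).add(account)

    def revoke_role(self, caller: str, role: bytes, account: str) -> None:
        _require(self.is_handler(role, caller), "caller does not manage this role")
        self.members.get(role, set()).discard(account)
```

Each denied path in the model corresponds to a call that should be rejected when exercised against a deployed instance, which makes the model usable as a checklist for negative tests.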
