HomeEIPsNewsletter
EIPsERC-5982
ERC-5982

Role-based Access Control

An interface for role-based access control for smart contracts.
ReviewStandards Track: ERC
Created: 2022-11-15
Requires: EIP-165, EIP-5750
Zainan Victor Zhou (@xinbenlv)
Discussions ForumOriginal Proposal LinkEdit
1 min read

The ERC-5982 proposal defines an interface for role-based access control for smart contracts in Ethereum. The motivation behind this proposal is to establish a more secure and flexible way of granting permissions to privileged actions, as opposed to ownership-based access control. The interface specifies how to read, grant, create, and destroy roles, which are defined as byte32. It also specifies the sense of role power in the format of its ability to call a given method identified by bytes4 method selector. Additionally, the interface specifies how metadata of roles are represented. The proposal includes two interfaces: IERC_ACL_CORE and IERC_ACL_GENERAL. The former includes functions for checking if an account has a certain role, granting a role to an account, and revoking a role from an account. The latter includes an event for when a role is granted. The proposal is currently in the process of being peer-reviewed and interested parties are encouraged to participate in the discussion. The proposal references other Ethereum Improvement Proposals, including EIP-2930, which proposes optional access lists, ERC-3009, which proposes transfer with authorization, and ERC-6909, which proposes a minimal multi-token interface.

Video
Anyone may contribute to propose contents.
Go propose
Original

Abstract

This EIP defines an interface for role-based access control for smart contracts. Roles are defined as byte32. The interface specifies how to read, grant, create and destroy roles. It specifies the sense of role power in the format of its ability to call a given method identified by bytes4 method selector. It also specifies how metadata of roles are represented.

Motivation

There are many ways to establish access control for privileged actions. One common pattern is "role-based" access control, where one or more users are assigned to one or more "roles," which grant access to privileged actions. This pattern is more secure and flexible than ownership-based access control since it allows for many people to be granted permissions according to the principle of least privilege.

Specification

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 and RFC 8174.

Interfaces of reference is described as followed:

interface IERC_ACL_CORE { function hasRole(bytes32 role, address account) external view returns (bool); function grantRole(bytes32 role, address account) external; function revokeRole(bytes32 role, address account) external; }
interface IERC_ACL_GENERAL { event RoleGranted(address indexed grantor, bytes32 indexed role, address indexed grantee, bytes _data); event RoleRevoked(address indexed revoker, bytes32 indexed role, address indexed revokee, bytes _data); event RoleCreated(address indexed roleGrantor, bytes32 role, bytes32 adminOfRole, string name, string desc, string uri, bytes32 calldata _data); event RoleDestroyed(address indexed roleDestroyer, bytes32 role, bytes32 calldata _data); event RolePowerSet(address indexed rolePowerSetter, bytes32 role, bytes4 methods, bytes calldata _data); function grantRole(bytes32 role, address account, bytes calldata _data) external; function revokeRole(bytes32 role, address account, bytes calldata _data) external; function createRole(bytes32 role, bytes32 adminOfRole, string name, string desc, string uri, bytes32 calldata _data) external; function destroyRole(bytes32 role, bytes32 calldata _data) external; function setRolePower(bytes32 role, bytes4 methods, bytes calldata _data) view external returns(bool); function hasRole(bytes32 role, address account, bytes calldata _data) external view returns (bool); function canGrantRole(bytes32 grantor, bytes32 grantee, bytes calldata _data) view external returns(bool); function canRevokeRole(bytes32 revoker, bytes32 revokee, address account, bytes calldata _data) view external returns(bool); function canExecute(bytes32 executor, bytes4 methods, bytes32 calldata payload, bytes calldata _data) view external returns(bool); }
interface IERC_ACL_METADATA { function roleName(bytes32) external view returns(string); function roleDescription(bytes32) external view returns(string); function roleURI(bytes32) external view returns(string); }
  1. Compliant contracts MUST implement IERC_ACL_CORE
  2. It is RECOMMENDED for compliant contracts to implement the optional extension IERC_ACL_GENERAL.
  3. Compliant contracts MAY implement the optional extension IERC_ACL_METADATA.
  4. A role in a compliant smart contract is represented in the format of bytes32. It's RECOMMENDED the value of such role is computed as a keccak256 hash of a string of the role name, in this format: bytes32 role = keccak256("<role_name>"). such as bytes32 role = keccak256("MINTER").
  5. Compliant contracts SHOULD implement ERC-165 identifier.

Rationale

  1. The names and parameters of methods in IERC_ACL_CORE are chosen to allow backward compatibility with OpenZeppelin's implementation.
  2. The methods in IERC_ACL_GENERAL conform to ERC-5750 to allow extension.
  3. The method of renounceRole was not adopted, consolidating with revokeRole to simplify interface.

Backwards Compatibility

Needs discussion.

Security Considerations

Needs discussion.

Copyright and related rights waived via CC0.

Further reading
Anyone may contribute to propose contents.
Go propose
Adopted by projects
Anyone may contribute to propose contents.
Go propose

Not miss a beat of EIPs' update?

Subscribe EIPs Fun to receive the latest updates of EIPs Good for Buidlers to follow up.

View all
Serve Ethereum Builders, Scale the Community.
Resources
GitHub
Supported by