[Feature]: AccessControl Library Enhancements - setRoleAdmin, Batch Operations

[isihin-3]

Feature Request: AccessControl Library Enhancements

Overview

This feature request proposes enhancements to the AccessControl library to improve usability, gas efficiency, and add practical features for DAO-scale role management.

Core Improvements (Priority)

1. External setRoleAdmin Function

Description: Expose an external version of LibAccessControl.setRoleAdmin, allowing role hierarchy changes directly through the AccessControlFacet.

Current State: setRoleAdmin exists as an internal function in LibAccessControl.sol (line 73), but there's no external way to call it through the facet.

Proposed Implementation:

• Add setRoleAdmin(bytes32 _role, bytes32 _adminRole) external function to AccessControlFacet
• Authorization: Caller must have the current admin role for _role
• Emit RoleAdminChanged event (already exists)

Benefits:

• Enables dynamic role hierarchy management
• Allows admins to restructure permissions without code changes

2. Batch Role Management Functions

Description: Add grantRoleBatch and revokeRoleBatch functions to handle multiple addresses in a single transaction.

Proposed Functions:

• grantRoleBatch(bytes32 _role, address[] calldata _accounts) external
• revokeRoleBatch(bytes32 _role, address[] calldata _accounts) external

Authorization: Caller must have the admin role for _role

Benefits:

• Significant gas savings for DAO-scale operations
• Simplifies management when granting/revoking roles for multiple addresses
• Reduces transaction count and complexity

Optional Composable Facets (Future Work)

These can be implemented as separate features after the core improvements:

3. AccessControlPausableFacet

Description: Adds pause/unpause functionality for specific roles.

Proposed Functions:

• pauseRole(bytes32 _role) external - Temporarily disable a role (e.g., freeze MINTER_ROLE)
• unpauseRole(bytes32 _role) external - Re-enable a role

Use Cases:

• Emergency stops for security incidents
• Temporary role suspension for investigation
• Administrative control over role functionality

4. AccessControlTemporalFacet

Description: Roles with expiry timestamps for time-limited permissions.

Proposed Features:

• Store expiry timestamps for role assignments
• Automatically revoke expired roles
• Functions to grant roles with expiry times

Use Cases:

• Temporary access for contractors
• Limited-time DAO permissions
• Time-bound administrative access

Implementation Plan

1. Phase 1 (Core Improvements):
   • Implement setRoleAdmin external function
   • Implement grantRoleBatch and revokeRoleBatch
   • Add comprehensive tests
   • Update documentation

EDIT: "Phase 2" has been extracted to #162

2. Phase 2 (Composable Facets - Future):
- Design and implement AccessControlPausableFacet
- Design and implement AccessControlTemporalFacet
- Ensure shared storage slot compatibility

[mudgen]

Great. I think it makes sense to have two separate pull requests for this, one pull request for Phase 1 and a separate pull request for Phase 2.

Assigned to @isihin-3

[isihin-3]

Great. I think it makes sense to have two separate pull requests for this, one pull request for Phase 1 and a separate pull request for Phase 2.

Assigned to @isihin-3

Thanks I will be working on it