Access Control Manager

Technical Information

Access control is managed through a contract called the Access Control Manager.

This contract is responsible for granting or revoking roles, and these roles will be stored in the Concrete Storage.

When the Concrete Storage contract is deployed, two write roles are automatically granted to the address specified as an argument (the ACM contract address). The granted roles are also specified as arguments, namely the "PROTOCOL" role and the "ACL_ADMIN" role. Additionally, the address deploying the contract is temporarily granted only the second role ("ACL_ADMIN"), allowing it to call the Access Control Manager and grant new permissions. The Access Control Manager requires the "PROTOCOL" role to write to storage.

Diagram of Roles

Roles

| Role | Power & Responsibility |
| --- | --- |
| CONCRETE_MANAGER | The transaction initiator requires this role to call the Protocol. |
| PROTOCOL_MANAGER | The Protocol contract is assigned this role, which is required to invoke the Module Manager. |
| MODULE_MANAGER | The Module Manager contract is assigned this role, which is required to invoke Modules. |
| MODULE | The Module contracts are assigned this role, which is required to invoke the Blueprint Manager. |
| BLUEPRINT_MANAGER | The Blueprint Manager contract is assigned this role, which is required to invoke Blueprints. |
| BLUEPRINT | The Blueprint contracts are assigned this role, which is required to invoke the Action Manager. |
| ACTION_MANAGER | The Action Manager contract is assigned this role, which is required to invoke Actions and to enable or disable Actions. |
| ACTION | The Action contracts are assigned this role, which is required to invoke user implementations. |
| PROTOCOL | Required to write to Concrete Storage. |
| SUDO_ADMIN | Required to enable and disable Modules, Blueprints and Actions. |
| ACL_ADMIN | Required to grant and revoke roles. |

OnlyRole

Each function utilizes the onlyRole("ROLE") modifier. With this contract, we ensure that functions can only be executed by a msg.sender with the correct role.
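
A minimal Solidity sketch of the deployment grants and the onlyRole gate described above. It is an added example, not Concrete's own code: the contract and function names (StorageSketch, AcmSketch, hasRole, setRole, grantRole, revokeRole) are hypothetical, the two role names are hard-coded rather than passed as arguments, and the ACM's address is assumed to be known before the storage is deployed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added sketch: all names except the role strings are hypothetical.
contract StorageSketch {
    mapping(bytes32 => mapping(address => bool)) private roles; // role id => account => held
    error MissingRole(address account, string role);

    // The ACM address receives PROTOCOL and ACL_ADMIN. The deployer receives
    // ACL_ADMIN only, so it can never write to storage directly.
    constructor(address acm) {
        roles[keccak256("PROTOCOL")][acm] = true;
        roles[keccak256("ACL_ADMIN")][acm] = true;
        roles[keccak256("ACL_ADMIN")][msg.sender] = true;
    }

    modifier onlyRole(string memory role) {
        if (!hasRole(role, msg.sender)) revert MissingRole(msg.sender, role);
        _;
    }

    function hasRole(string memory role, address account) public view returns (bool) {
        return roles[keccak256(bytes(role))][account];
    }

    // Every role write passes the PROTOCOL gate, which only the ACM holds.
    function setRole(string calldata role, address account, bool held) external onlyRole("PROTOCOL") {
        roles[keccak256(bytes(role))][account] = held;
    }
}

// Assumption: this contract's address was predicted and passed to StorageSketch.
contract AcmSketch {
    StorageSketch public immutable store;
    constructor(StorageSketch store_) { store = store_; }

    modifier onlyRole(string memory role) {
        require(store.hasRole(role, msg.sender), "missing role");
        _;
    }

    function grantRole(string calldata role, address account) external onlyRole("ACL_ADMIN") {
        store.setRole(role, account, true);
    }

    // Also the path by which the deployer gives up its temporary ACL_ADMIN.
    function revokeRole(string calldata role, address account) external onlyRole("ACL_ADMIN") {
        store.setRole(role, account, false);
    }
}
```

Because the deployer's ACL_ADMIN grant is meant to be temporary, a deployment test should assert that hasRole("ACL_ADMIN", deployer) is false once setup is complete.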
