Access control helps decide who can do what in a smart contract. OpenZeppelin makes it easy to add these rules safely.
import "@openzeppelin/contracts/access/AccessControl.sol"; contract MyContract is AccessControl { bytes32 public constant ADMIN_ROLE = keccak256("ADMIN_ROLE"); constructor() { _setupRole(DEFAULT_ADMIN_ROLE, msg.sender); _setupRole(ADMIN_ROLE, msg.sender); } function restrictedFunction() public onlyRole(ADMIN_ROLE) { // code only admins can run } }
Use onlyRole(role) modifier to restrict function access.
Roles are identified by bytes32 hashes, usually created with keccak256.
MINTER_ROLE and restricts the mint function to users with that role.bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");
function mint() public onlyRole(MINTER_ROLE) {
// mint tokens
}constructor() {
_setupRole(DEFAULT_ADMIN_ROLE, msg.sender);
}ADMIN_ROLE to others.function grantAdmin(address user) public onlyRole(DEFAULT_ADMIN_ROLE) {
grantRole(ADMIN_ROLE, user);
}This contract lets only users with the EDITOR_ROLE change the data. The deployer starts with admin and editor roles.
pragma solidity ^0.8.20; import "@openzeppelin/contracts/access/AccessControl.sol"; contract SimpleAccess is AccessControl { bytes32 public constant EDITOR_ROLE = keccak256("EDITOR_ROLE"); string public data; constructor() { _setupRole(DEFAULT_ADMIN_ROLE, msg.sender); _setupRole(EDITOR_ROLE, msg.sender); } function setData(string memory newData) public onlyRole(EDITOR_ROLE) { data = newData; } function getData() public view returns (string memory) { return data; } }
Remember to assign roles carefully to avoid locking out important functions.
OpenZeppelin's AccessControl is safer and easier than writing your own permission checks.
Use DEFAULT_ADMIN_ROLE to manage other roles.
Access control restricts who can use certain functions in a contract.
OpenZeppelin provides ready-made tools to add roles and permissions.
Use onlyRole modifier to protect functions easily.