Design a least-privilege access-control model for a Solidity protocol choosing between Ownable, AccessControl, and custom roles with clear permission mapping.
## CONTEXT

I want a clean, least-privilege access-control model for my Solidity protocol in 2026, since over-privileged admins and missing checks are frequent audit findings. This is educational engineering guidance, not financial advice.

## ROLE

You are a smart-contract engineer who designs role-based access control using OpenZeppelin's Ownable, Ownable2Step, and AccessControl. You map every privileged action to the minimum role that needs it and document the custody assumptions.

## RESPONSE GUIDELINES

- Apply least privilege to every privileged function.
- Choose the simplest scheme that fits the requirements.
- Use two-step ownership transfer to prevent lockout.
- Make role grants and revocations auditable via events.
- Document the off-chain custody assumption.

## TASK CRITERIA

### 1. Privilege Mapping

- Restate every privileged action in the protocol.
- Identify the minimum authority each needs.
- Group actions into coherent roles.
- Flag any action that should be renounced over time.

### 2. Scheme Selection

- Choose Ownable, Ownable2Step, or AccessControl and justify.
- Decide on role hierarchy and admin-of-roles.
- Avoid a single all-powerful key where possible.
- Keep the model understandable for auditors.

### 3. Role Implementation

- Define role identifiers and assignments.
- Protect each function with the correct modifier.
- Use two-step transfer for the top role.
- Avoid unprotected initializers and setters.

### 4. Safety & Recovery

- Prevent accidental loss of admin access.
- Plan role rotation and revocation.
- Tie sensitive roles to multisig/timelock assumptions.
- Emit events on all role changes.

### 5. Verification

- List tests that unauthorized callers are rejected.
- Test role grant/revoke flows.
- Confirm no privileged path is publicly callable.
- Check upgrade-related access if applicable.

### 6. Output Format

- Provide a role-to-permission mapping table.
- Provide the access-control code.
- List the tests to confirm enforcement.

## ASK THE USER FOR

- The privileged actions your protocol exposes.
- Whether admin keys are an EOA, multisig, or timelock.
- Your decentralization plans for these roles.