Access
The example code snippets used in this guide are experimental and have not been audited. They simply help exemplify usage of the OpenZeppelin Sui Package.
The openzeppelin_access package provides role-based access control and ownership-transfer wrappers for privileged Sui objects, such as admin capabilities, treasury capabilities, shared protocol state, and governance-controlled operations.
Use this package when direct object transfer or single-admin authorization is too permissive for your protocol. It gives you typed role checks and explicit transfer workflows that are easier to review, monitor, and constrain with policy.
Usage
Add the dependency in Move.toml:
[dependencies]
openzeppelin_access = { r.mvr = "@openzeppelin-move/access" }
Import the module you want to use:
use openzeppelin_access::access_control::{Self, AccessControl, Auth};
use openzeppelin_access::two_step_transfer;
use openzeppelin_access::delayed_transfer;
Modules
RBAC
Role-based authorization for privileged functions, shared protocol objects, operators, guardians, keepers, and governance executors, with delayed root administration.
Two-Step Transfer
Ownership-transfer wrapper for single-owned privileged objects that should not move until the recipient explicitly accepts.
Delayed Transfer
Ownership-transfer wrapper for single-owned privileged objects whose transfer or unwrap should be visible on-chain for a delay window before execution.
Choosing a module
| Module | Use it when |
|---|---|
| access_control | Authority is spread across multiple actors or roles, especially for shared objects, protocol functions, and delayed root-admin operations. |
| two_step_transfer | A single-owned privileged object can transfer immediately, but the recipient should explicitly accept first. |
| delayed_transfer | A single-owned privileged object should not transfer or unwrap until a visible delay has elapsed. |
The ownership-transfer modules are designed for single-owned objects. In two_step_transfer, ctx.sender() is stored as the owner-of-record for pending requests. Avoid using this policy directly in shared-object executor flows unless your design explicitly maps signer identity to cancel authority.
Next steps
- RBAC for role-based authorization.
- Two-Step Transfer for explicit recipient acceptance.
- Delayed Transfer for delayed capability transfers and unwraps.
- Role Based Access Control guide for a full walkthrough with publishing, upgrades, and PTBs.
- Access API reference for function signatures, events, and errors.