adminRole in AccessControl

Hi there, as I was trying to use the AccessControl library, a great library by the way, I came across this little ambiguity that is puzzling me. In the following snippet, I can understand the bytes32 is for a hashed value of a role string literal, like MINTER_ROLE, however, what is the bytes32 adminRole in the struct RoleData then? If it were the same hashed value of a string literal, wouldn’t it be redundant? I think adminRole is more like an address, indicating the address of the admin for this role. Please clarify.

```solidity
struct RoleData {
    mapping (address => bool) members;
    bytes32 adminRole;
}

mapping (bytes32 => RoleData) private _roles;

bytes32 public constant DEFAULT_ADMIN_ROLE = 0x00;
```

I think just like the comments:

Roles can be granted and revoked dynamically via the {grantRole} and {revokeRole} functions.

Each role has an associated admin role, and only accounts that have a role's admin role can call {grantRole} and {revokeRole}.

By default, the admin role for all roles is `DEFAULT_ADMIN_ROLE`, which means that only accounts with this role will be able to grant or revoke other roles. More complex role relationships can be created by using {_setRoleAdmin}.

Have I made it clear?

It is clear, but not quite intuitive to me.

Let’s take MINTER_ROLE for an example: bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE"); MINTER_ROLE would be used as a key in the mapping _roles. And in that mapping, anyone who is given a minter role would set his value in members as true.

Now, suppose _setRoleAdmin is called with role=MINTER_ROLE, what should be set as adminRole then? Is it just a way of describing this adminRole, like “CUTE_ADMIN” or “NERDY_BOSS”? Besides, is there an actual use case where I can see how it is used? Many thanks.

```solidity
function _setRoleAdmin(bytes32 role, bytes32 adminRole) internal virtual {
    emit RoleAdminChanged(role, getRoleAdmin(role), adminRole);
    _roles[role].adminRole = adminRole;
}
```

Some resources to learn about this:

I think I got it. adminRole is also a role, but with the administrative ability to grant and revoke existing roles. Therefore, every role has to have an adminRole to do the administrative work for this role. Meanwhile, an address can be a certain role like a MINTER as well as its adminRole like MINTER_ADMIN, and this is why adminRole is not an address but a bytes32 value. That said, an adminRole is also stored in _roles mapping, correct?


Yes that is correct!
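
The role wiring discussed in this thread, as an added example that is not part of the original posts or of the library's own code. It assumes OpenZeppelin Contracts 4.x (where `_setupRole` is available); `ExampleToken`, `MINTER_ADMIN_ROLE` and the `minterAdmin` parameter are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "@openzeppelin/contracts/access/AccessControl.sol";
import "@openzeppelin/contracts/token/ERC20/ERC20.sol";

// Added example: ExampleToken, MINTER_ADMIN_ROLE and minterAdmin are hypothetical names.
contract ExampleToken is ERC20, AccessControl {
    // Role identifiers are bytes32 keys into the _roles mapping.
    bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");
    bytes32 public constant MINTER_ADMIN_ROLE = keccak256("MINTER_ADMIN_ROLE");

    constructor(address minterAdmin) ERC20("Example", "EXM") {
        // Membership: sets _roles[role].members[account] = true.
        _setupRole(DEFAULT_ADMIN_ROLE, msg.sender);
        _setupRole(MINTER_ADMIN_ROLE, minterAdmin);

        // Admin relationship: sets _roles[MINTER_ROLE].adminRole = MINTER_ADMIN_ROLE.
        // The stored value is another role identifier, not an address.
        _setRoleAdmin(MINTER_ROLE, MINTER_ADMIN_ROLE);

        // _roles[MINTER_ADMIN_ROLE].adminRole is left at 0x00, which is
        // DEFAULT_ADMIN_ROLE, so the deployer administers the admin role itself.
    }

    // Only accounts that are members of MINTER_ROLE may mint.
    function mint(address to, uint256 amount) external {
        require(hasRole(MINTER_ROLE, msg.sender), "ExampleToken: caller is not a minter");
        _mint(to, amount);
    }
}
```

With this wiring, `grantRole(MINTER_ROLE, account)` and `revokeRole(MINTER_ROLE, account)` succeed only for holders of `MINTER_ADMIN_ROLE`. A holder of `DEFAULT_ADMIN_ROLE` alone cannot grant `MINTER_ROLE` directly, but it still administers `MINTER_ADMIN_ROLE` and can grant that role to itself, so it remains the most privileged role to protect.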