I'm confused with this post, gonna leave here fore future reference: AccessControl Role-Based Control, unable to grant desired role?
From these codes, please clarify my understanding.
function _setupRoles(address admin) private {
_grantRole(DEFAULT_ADMIN_ROLE, admin);
_setRoleAdmin(BLACKLISTED_ROLE, BLACKLIST_OPERATOR_ROLE);
_setRoleAdmin(GREENLISTED_ROLE, GREENLIST_OPERATOR_ROLE);
_grantRole(GREENLIST_OPERATOR_ROLE, admin);
_grantRole(BLACKLIST_OPERATOR_ROLE, admin);
}
What the function above does is set adminRole for BLACKLISTED_ROLE to be BLACKLIST_OPERATOR_ROLE(same for GREENLISTED). The BLACKLIST_OPERATOR_ROLE can now grant and revoke the BLACKLISTED_ROLE to/from other addresses.
However remember that the role BLACKLIST_OPERATOR_ROLE never had its own adminRole set which makes it default to (0x00)
and because DEFAULT_ADMIN_ROLE is set to 0x00 only default admin can actually grant or revoke that both BLACKLIST_OPERATOR_ROLE and GREENLIST_OPERATOR_ROLE.
A BLACKLISTED_ROLE is a user that has been backlisted by the adminRole, BLACKLIST_OPERATOR_ROLE (which is one of the admins) can grant and revoke the role BLACKLISTED_ROLE using the OpenZeppeling grantRole(). Same applies for GREENLIST_OPERATOR_ROLE.