How OpenZeppelin Simplified Access Control across 30+ Chains with SubQuery

Introduction

When OpenZeppelin set out to reimagine onchain access control, they weren’t just solving a UX problem; they were tackling one of the most operationally complex challenges in smart contract management.

Access control has long been a pain point for teams operating in production. Managing roles, admins, and permissions across contracts often requires jumping between block explorers, internal tools, and custom scripts. It’s slow, fragmented, and highly error-prone (especially as teams expand across multiple chains).

Role Manager is OpenZeppelin’s answer to this. It provides a clean, fully client-side interface for discovering, inspecting, and managing access control across smart contracts, automatically adapting to the standards each contract implements.

Delivering a real-time, multi-chain experience under these constraints requires a highly performant and scalable data layer. That’s where SubQuery plays a critical role.

Key Metrics at a Glance

• Active SubQuery Indexers: 30+
• 30+ supported networks across EVM, Stellar, and Polkadot ecosystems
  • 23 EVM networks, including Ethereum, Polygon, Arbitrum, Base, OP Mainnet, BSC, Avalanche, Linea, Scroll, zkSync Era, and Monad.
  • 5 Polkadot EVM parachains: Polkadot Hub, Moonbeam, Moonriver, and Moonbase Alpha
  • 2 Stellar networks with mainnet and testnet coverage
• Hosting platform: SubQuery’s decentralized network

The Challenge

Before Role Manager, access control was difficult and operationally expensive.

Teams managing contracts in production had to rely on manual lookups to understand who held which roles and how permissions were structured. This often meant digging through block explorers, interpreting raw event logs, and stitching together fragmented views of contract state.

As teams expanded across multiple chains, the problem compounded. Each network introduced its own tooling quirks, indexing requirements, and data formats. Maintaining internal infrastructure to support this became increasingly difficult, both from a cost and engineering perspective.

The result was a system that was slow to query, difficult to scale, and highly dependent on manual processes — exactly the kind of environment where mistakes happen.

What Role Manager Enables

At its core, Role Manager turns raw onchain data into something teams can actually use. It allows developers and operators to:

• Inspect roles, admins, and permissions across contracts
• Execute role-based actions (grant, revoke, transfer ownership)
• View a complete, indexed history of access control changes
• Automatically detect and adapt to different OpenZeppelin standards
• Work across multiple chains with a consistent interface

All of this happens without running any backend services, making the reliability and structure of the underlying data layer critical.

The Role of SubQuery in Role Manager

Role Manager’s fully client-side architecture means it cannot rely on traditional backend services to fetch, process, and serve blockchain data. Instead, SubQuery acts as the data backbone.

For each supported network, OpenZeppelin deploys a dedicated SubQuery project that indexes access control events, such as role grants, revocations, admin changes, and ownership transfers. These events are transformed into structured entities that can be queried in real time.

This indexed data enables several core features of Role Manager:

• Historical visibility: Every role change is indexed and queryable
• Advanced filtering: Users can drill into role activity without parsing raw logs
• Cross-chain consistency: Data is normalized across 30+ networks
• Real-time UX: The UI can render accurate state instantly, without backend processing

The result is a clean separation of concerns. SubQuery handles indexing and data transformation, while the frontend focuses entirely on user experience.

The example query below query returns the history of permission changes for a contract. It shows when a role was granted or removed, which account was affected, and who initiated the change, so you can follow the full audit trail over time.

query GetHistory(
  $network: String!
  $contract: String!
  $role: String
  $account: String
  $txHash: String
  $timestampFrom: Datetime
  $timestampTo: Datetime
  $limit: Int
  $cursor: Cursor
) {
  accessControlEvents(
    filter: {
      network: { equalTo: $network }
      contract: { equalTo: $contract }
      role: { equalTo: $role }
      account: { equalTo: $account }
      eventType: { equalTo: ROLE_GRANTED }
      txHash: { equalTo: $txHash }
      timestamp: {
        greaterThanOrEqualTo: $timestampFrom
        lessThanOrEqualTo: $timestampTo
      }
    }
    orderBy: TIMESTAMP_DESC
    first: $limit
    after: $cursor
  ) {
    nodes {
      id
      eventType
      blockNumber
      timestamp
      txHash
      role
      account
      newOwner
      newAdmin
      acceptSchedule
    }
    totalCount
    pageInfo {
      hasNextPage
      endCursor
    }
  }
}

Meanwhile, the user interface is clean and simple for users to manage their access changes:

Benefits of Using SubQuery for OpenZeppelin

By outsourcing indexing to SubQuery, OpenZeppelin no longer needed to maintain chain-specific infrastructure or build custom data pipelines. This significantly reduced engineering overhead and allowed the team to focus on product development rather than backend maintenance.

It also unlocked true multi-chain scalability. Supporting a new network no longer requires rebuilding the data layer from scratch. Instead, a new SubQuery project can be deployed and integrated into the existing system.

There are also clear UX benefits. Because all data is normalized and queryable through GraphQL, Role Manager can present a consistent interface regardless of the underlying chain. This removes ambiguity for users and reduces the likelihood of operational errors.

Finally, the architecture is inherently more reliable. By eliminating manual lookups and fragmented tooling, OpenZeppelin has created a system where access control data is always structured, accessible, and up to date.

A Resilient Data Infrastructure

Beyond indexing, OpenZeppelin’s deployment model is just as important to highlight.

By deploying their projects to the SubQuery Network, OpenZeppelin ensures that the infrastructure powering Role Manager is distributed across a global network of node operators with no reliance on centralized providers or self-hosted services.

This approach delivers several key advantages:

• Decentralization by design: No single point of failure and no reliance on centralized infrastructure
• Global performance: Queries are served by geographically distributed node operators, improving responsiveness
• Cost efficiency: The SubQuery Network is an extremely cost effective deployment option, a fraction of the cost of centralised providers

In practice, this means Role Manager is backend-less at the application layer and powered by decentralized infrastructure at the data layer, delivering reliability and scalability.

The Road Ahead 

Role Manager is designed as a foundation, not a finished product.

As OpenZeppelin continues to expand support for new ecosystems, the underlying data infrastructure is already in place to scale with it. This opens the door to more advanced features, from deeper analytics on permission structures to automated workflows around role management.

Because the system is built on an adapter-driven frontend and a decentralized indexing layer, it can evolve without introducing additional complexity.

Conclusion

Role Manager represents a shift in how teams interact with smart contract permissions.

What was once a fragmented and error-prone process is now accessible through a single, unified interface. That transformation is made possible by a data layer that abstracts away the complexity of multi-chain indexing.

With SubQuery, OpenZeppelin has built a system that is not only scalable and efficient, but also modular, distributed, and designed to operate without reliance on centralized infrastructure.

About OpenZepplin

OpenZeppelin is the world’s leader in blockchain security for onchain finance. Trusted by global financial institutions and critical blockchain infrastructure protocols, OpenZeppelin delivers open-source frameworks, smart contract libraries, and industry-standard security services that help teams build and deploy onchain applications safely and efficiently. OpenZeppelin’s mission is to accelerate the world’s transition to an open financial system.

Website | Twitter | LinkedIn | Github

About SubQuery

SubQuery is building the foundational data layer of Web3 — open, scalable, and designed for the AI-driven future.

SubQuery Network provides decentralised data indexers and dRPCs that power thousands of dApps across nearly 300 networks. With AI-assisted tools in the SubQuery SDK and Model Context Protocol (MCP) integration, developers can easily build, deploy, and scale blockchain data infrastructure.

Hermes (Subnet 82) is a Bittensor subnet that connects AI agents directly to blockchain data through GraphQL. By rewarding developers to create and improve these agents, Hermes enables intelligent on-chain applications.

AskSubQuery.xyz provides graphql query MCP as a service. It is also the first product to connect to Hermes Subnet as an Authorized Caller.

With SubQuery, you can unlock intelligence in blockchain data.

​​​​Linktree | Website | Discord | Telegram | Twitter | Blog | Medium | LinkedIn | YouTube