The batch_grant_access instruction validates inputs and emits a BatchAccessGrantedEvent but does not actually create any AccessGrant PDA accounts. The code contains an explicit comment acknowledging this:
// Note: Actual account initialization must be done via CPI or
// multiple transactions. This is a simplified version that
// validates inputs and emits an event for off-chain processing.
Any frontend or client that calls batch_grant expecting grants to be stored on-chain will get no effect — the providers receive no actual access.
Steps to Reproduce
- Call
batch_grant_access with valid providers and roles
- Attempt to use one of the providers to access a record
- Access is denied — no AccessGrant account was ever created
Expected Behavior
Each provider in the batch should have an AccessGrant PDA created on-chain with the specified permissions.
Actual Behavior
Only an event is emitted. No on-chain state is written.
Environment
- Anchor: 0.32.1
- Network: localnet / devnet
Component Affected
The
batch_grant_accessinstruction validates inputs and emits aBatchAccessGrantedEventbut does not actually create anyAccessGrantPDA accounts. The code contains an explicit comment acknowledging this:Any frontend or client that calls
batch_grantexpecting grants to be stored on-chain will get no effect — the providers receive no actual access.Steps to Reproduce
batch_grant_accesswith valid providers and rolesExpected Behavior
Each provider in the batch should have an
AccessGrantPDA created on-chain with the specified permissions.Actual Behavior
Only an event is emitted. No on-chain state is written.
Environment
Component Affected