Get Free Audit

How to configure Backend menu with ACL in Magento 2

Aug 23, 2018

12206 Andrey Litvin

How to configure Backend menu with ACL in Magento 2

Magento 2 allows you to customize and add new items to the backend menu. You can also regulate the access rights to them using the appropriate access control list (ACL) rules and create new ACL rules. Here is how you do it.

This menu consists of several levels:

The levels of the backend menu

You can add a new menu using the app/code/Vendor/Module/etc/adminhtml/menu.xml file:


  • id is a record identifier (must be unique). {Vendor_Module}::{menu_description};
  • title is a displayed name;
  • module determines the module which the menu item belongs to in the Vendor_Module format;
  • sortOrder determines the position of the menu item. Items with a lower value of sortOrder will be displayed higher;
  • parent — id of other menu items. Defines this menu as nested;
  • action — page url referenced by the menu item;
  • resource defines the ACL rule necessary to see this menu item.

Magento 2 ACL

Magento 2 allows you to separate the rights of admin users and create groups of admin users with different access rights.

Defining ACL

You can create a new ACL rule using the app/code/Vendor/Module/etc/acl.xml file:

Partner With Us Let's discuss how to grow your business. Get a Free Quote.
Talk to Andrey


  • id is a resource identifier. It is used in the menu configuration and controllers to specify the resource. Must be unique and specified in the format: Vendor_Module :: resource_name.
  • title — the name of the resource;
  • sortOrder — the position of the resources in the resource tree;

ACL for menu

In order to restrict the access to a menu section by a certain ACL rule, you should specify it in the resource parameter when configuring the menu:


ACL for action

In order to restrict the access to an action using the ACL, the controller of this action must override the _isAllowed method.

protected function _isAllowed()

Hope everything makes sense. If not, I’ll be glad to answer your questions, please leave them in the comment section below.


Dropdown Menu

Take your online store to the next level with BelVG module

Download here

Want to improve catalog visibility in your Magento 2 store? Check out our Groups Catalog for Magento 2 extension.

Andrey Dubina
Partner With Us Looking for a partner to grow your business? We are the right company to bring your webstore to success. Talk to Andrey


  1. I implemented the code as you have written in this blog but am still able to access the restricted configuration in admin.Is the isallowed method written completely or i need to add my code for restrriction

Post a new comment

BelVG Newsletter
Subscribe to our mailing list and get interesting stuff and updates to your email inbox.
Email *