Posted on / Magento2

Magento2: Apply ACL to custom field

Share the content

Magento 2 Admin ACL panel uses an authentication system and a robust system for creating Access Control List Rules (ACL), which allows a store owner to create fine-grained roles for each user in their system.

Magento 2 Access Control List Rules
The Magento 2 Admin ACL resources are visible under the Magento 2 admin System > Permissions > User Roles area. When we click on the Add New Role button or access a role.  In Magento 2, we can apply the ACL rule in the menu or form, but this article will help you apply the ACL rule on specific filed in the form.

Step: 1

Create a UI component file vendor\module-name\Ui\Component\Form\Field\DisableField


namespace vendor\module-name\Ui\Component\Form\Field;

use Magento\Framework\View\Element\UiComponent\ContextInterface;
use Magento\Framework\View\Element\UiComponentFactory;
use Magento\Framework\View\Element\UiComponentInterface;
use Magento\Framework\AuthorizationInterface;
use Magento\Ui\Component\Form\Field as FormField;

* Class DisableField
* @package I95DevConnect\CloudCustomizations\Ui\Component\Form\Field
* @author Rajat Kar
class DisableField extends FormField
* @var AuthorizationInterface
private $authorization;

* Constructor
* @param ContextInterface $context
* @param UiComponentFactory $uiComponentFactory
* @param AuthorizationInterface $authorization
* @param UiComponentInterface[] $components
* @param array $data
public function __construct(
ContextInterface $context,
UiComponentFactory $uiComponentFactory,
AuthorizationInterface $authorization,
array $components = [],
array $data = []
) {
$this->authorization = $authorization;
parent::__construct($context, $uiComponentFactory, $components, $data);

* Prepare component configuration
* @return void
* @throws \Magento\Framework\Exception\LocalizedException
public function prepare()

$isAllowed = $this->authorization->isAllowed(‘Vendor_ModuleName:: editable_fields’);
if (!$isAllowed) {
$currentConfig = $this->getData(‘config’);
$currentConfig[‘disabled’] = true;
$this->setData(‘config’, $currentConfig);

Step: 2

Create etc/acl.xml

<config xmlns:xsi=”” xsi:noNamespaceSchemaLocation=”../../../../../lib/internal/Magento/Framework/Acl/etc/acl.xsd”>
<resource id=”Magento_Backend::admin”>
<resource id=”Magento_Customer::customer”>
<resource id=”Magento_Customer::manage”>
<resource id=”Vendor_ModuleName:: editable_fields” title=”allow edit some field” translate=”title” sortOrder=”110″ />

Step: 3


<form xmlns:xsi=”” xsi:noNamespaceSchemaLocation=”urn:magento:module:Magento_Ui:etc/ui_configuration.xsd”>
<fieldset name=”customer”>
<field name=”customer_field_name” formElement=”input” class=”Vendor\ModuleName\Ui\Component\Form\Field\DisableField”>
<argument name=”data” xsi:type=”array”>
<item name=”config” xsi:type=”array”>
<item name=”source” xsi:type=”string”>customer</item>
<item name=”sortOrder” xsi:type=”number”>100</item>
<item name=”visible” xsi:type=”boolean”>true</item>

Hope this article help you. Thank you

Leave a Reply

Your email address will not be published. Required fields are marked *