Magento2: Apply ACL to custom field

Spread the love

Magento 2 Admin ACL panel uses an authentication system and a robust system for creating Access Control List Rules (ACL), which allows a store owner to create fine-grained roles for each user in their system.

Magento 2 Access Control List Rules
The Magento 2 Admin ACL resources are visible under the Magento 2 admin System > Permissions > User Roles area. When we click on the Add New Role button or access a role.  In Magento 2, we can apply the ACL rule in the menu or form, but this article will help you apply the ACL rule on specific filed in the form.

Step: 1

Create a UI component file vendor\module-name\Ui\Component\Form\Field\DisableField


namespace vendor\module-name\Ui\Component\Form\Field;

use Magento\Framework\View\Element\UiComponent\ContextInterface;
use Magento\Framework\View\Element\UiComponentFactory;
use Magento\Framework\View\Element\UiComponentInterface;
use Magento\Framework\AuthorizationInterface;
use Magento\Ui\Component\Form\Field as FormField;

 * Class DisableField
 * @package I95DevConnect\CloudCustomizations\Ui\Component\Form\Field
 * @author Rajat Kar
class DisableField extends FormField
     * @var AuthorizationInterface
    private $authorization;

     * Constructor
     * @param ContextInterface $context
     * @param UiComponentFactory $uiComponentFactory
     * @param AuthorizationInterface $authorization
     * @param UiComponentInterface[] $components
     * @param array $data
    public function __construct(
        ContextInterface       $context,
        UiComponentFactory     $uiComponentFactory,
        AuthorizationInterface $authorization,
        array                  $components = [],
        array                  $data = []
        $this->authorization = $authorization;
        parent::__construct($context, $uiComponentFactory, $components, $data);

     * Prepare component configuration
     * @return void
     * @throws \Magento\Framework\Exception\LocalizedException
    public function prepare()

        $isAllowed = $this->authorization->isAllowed(‘Vendor_ModuleName:: editable_fields’);
        if (!$isAllowed) {
            $currentConfig = $this->getData(‘config’);
            $currentConfig[‘disabled’] = true;
            $this->setData(‘config’, $currentConfig);

Step: 2

Create etc/acl.xml

<config xmlns:xsi="" xsi:noNamespaceSchemaLocation="../../../../../lib/internal/Magento/Framework/Acl/etc/acl.xsd">
            <resource id="Magento_Backend::admin">
                <resource id="Magento_Customer::customer">
                    <resource id="Magento_Customer::manage">
                        <resource id="Vendor_ModuleName:: editable_fields" title="allow edit some field" translate="title" sortOrder="110" />

Step: 3


<form xmlns:xsi="" xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Ui:etc/ui_configuration.xsd">
    <fieldset name="customer">
        <field name="customer_field_name" formElement="input" class="Vendor\ModuleName\Ui\Component\Form\Field\DisableField">
            <argument name="data" xsi:type="array">
                <item name="config" xsi:type="array">
                    <item name="source" xsi:type="string">customer</item>
                    <item name="sortOrder" xsi:type="number">100</item>
                    <item name="visible" xsi:type="boolean">true</item>

Hope this article help you. Thank you

You may also like...

Popular Posts

× How can I help you?