Create admin user resource permissions
To create an admin grid, we first need to create an admin controller. Before that, we need to create a menu item that links to the controller. When creating menu items, you have to assign them to a resource. Our first step is to create a new ACL (Access Control List) resource.
Understanding ACL Resources
ACLs control the permissions assigned to users or roles. Every single unit inside an ACL is called a resource, and you can create as many resources as you wish. Resources can have parents and children, and nest as many levels deep as you wish to control the granularity of the permissions assigned in the admin.
Creating ACL Resources
Magento looks for ACL resources within acl.xml files. The main child node will be acl, and it always has a resources child node. This resources node accepts any number of resource nodes, each defined with a module name and then the name of the resource.
For example, all admin resources are found under the Magento_Backend::admin resource, so every resource we define as a child of this resource will be an admin permission.
Naming ACL Resources
It’s important to follow good practices when naming ACL resources to make it easy to understand and manage them. Here are some guidelines:
- Name the root resource for your module with the same name as the module, but in lowercase.
- For child resources, use a prefix that self-documents the resource, telling you that it belongs to a specific parent resource.
- Avoid adding redundant prefixes to your resource names.
Configuring ACL Resources
To configure ACL resources, create an acl.xml file in your module’s etc folder. Inside this file, define the resources you need. You can create parent resources, child resources, and even more granular resources to control specific actions, such as viewing, saving, or deleting records.
For example, you can create a parent resource for your module, a child resource for a specific feature (like FAQs), and then more child resources for actions related to that feature (like viewing, saving, or deleting FAQs).
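The layout described above, written out as an etc/acl.xml file. This is an added example, not code from the original page: the module name Example_Support, the resource names, titles and sortOrder values are assumptions chosen to follow the naming guidelines in this article.

```xml
<?xml version="1.0"?>
<!-- etc/acl.xml for a hypothetical module named Example_Support -->
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:noNamespaceSchemaLocation="urn:magento:framework:Acl/etc/acl.xsd">
    <acl>
        <resources>
            <!-- Everything nested under Magento_Backend::admin is an admin permission -->
            <resource id="Magento_Backend::admin">
                <!-- Level 1: root resource, named after the module in lowercase -->
                <resource id="Example_Support::support" title="Support" sortOrder="100">
                    <!-- Level 2: one feature of the module -->
                    <resource id="Example_Support::faq" title="FAQs" sortOrder="10">
                        <!-- Level 3: one resource per action, prefixed with the parent
                             feature so the id documents where it belongs -->
                        <resource id="Example_Support::faq_view" title="View FAQs" sortOrder="10"/>
                        <resource id="Example_Support::faq_save" title="Save FAQs" sortOrder="20"/>
                        <!-- Kept separate from save so destructive access can be
                             withheld on its own -->
                        <resource id="Example_Support::faq_delete" title="Delete FAQs" sortOrder="30"/>
                    </resource>
                </resource>
            </resource>
        </resources>
    </acl>
</config>
```

The vendor name appears only in the module part of each id (before the ::), never in the resource name itself, and the tree stops at three levels.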
Managing User Access with ACL Resources
With your defined ACL resources, you can control user access by checking or unchecking checkboxes in the admin area. For example, if you want to give a user access to view and save FAQs but not delete them, you can uncheck the delete resource for that user. This gives you fine-grained control over user permissions.
It’s recommended not to nest resources more than three levels deep, as it can become difficult to manage and keep track of them. Also, avoid including your vendor name in the ACL resource names to keep things streamlined on the backend.
In later steps, you can use these resources to tie back into menus, controllers, and other components of your admin grid.