Find us on social media

Client area
FiveMPermissionsACEAdmin4 min read

Configure ACE permissions in FiveM

Manage admin roles and permissions using the ACE/ACL system in FiveM.

What is ACE/ACL?

ACE (Access Control Entry) and ACL (Access Control List) is FiveM's built-in permission system. It lets you define who can execute commands, access resources and perform admin actions without third-party plugins.

Core concepts

  • Principal: An identity (player, group)
  • ACE: A permission entry (allow/deny an action)
  • Group: A collection of permissions that can be assigned to players

Step 1: Define groups in server.cfg

Add permission groups to your server.cfg:

bash
# Create groups
add_ace group.admin command allow
add_ace group.admin command.quit deny
add_ace group.moderator command.kick allow
add_ace group.moderator command.ban allow
add_ace group.vip command.car allow

# Group inheritance (admin inherits moderator permissions)
add_principal group.admin group.moderator

Step 2: Assign players to groups

Use player identifiers to assign groups:

bash
# By FiveM license
add_principal identifier.license:abc123def456 group.admin

# By Steam ID
add_principal identifier.steam:110000100000001 group.moderator

# By Discord ID
add_principal identifier.discord:123456789012345 group.vip

Find player identifiers in txAdmin under the Players tab.

Step 3: Use permissions in resources

Resources can check ACE permissions in their scripts:

lua
-- Server-side: check if player has permission
RegisterCommand('heal', function(source, args)
  if IsPlayerAceAllowed(source, 'command.heal') then
    -- Heal the player
  else
    TriggerClientEvent('chat:addMessage', source, {args = {'System', 'No permission.'}})
  end
end, true)  -- true = restricted command

In fxmanifest.lua, declare the permission:

lua
server_script 'server.lua'

Common permission patterns

bash
# Full admin (all commands)
add_ace group.admin command allow

# Moderator (specific commands only)
add_ace group.moderator command.kick allow
add_ace group.moderator command.ban allow
add_ace group.moderator command.spectate allow
add_ace group.moderator command.tp allow

# VIP (cosmetic/convenience)
add_ace group.vip command.car allow
add_ace group.vip command.repair allow

# Deny dangerous commands even for admins
add_ace group.admin command.stop deny
add_ace group.admin command.quit deny

txAdmin integration

txAdmin has its own permission system that works alongside ACE:

  1. Go to txAdmin → SettingsAdmins
  2. Add admins by their Cfx.re username
  3. Assign txAdmin-specific permissions (console, players, settings)

txAdmin permissions are separate from in-game ACE permissions.

Debugging permissions

Check if a player has a specific permission from the server console:

bash
status

This shows connected players with their identifiers. Then verify in your config that the identifier matches.

Tips

  • Always use identifier.license: as the primary identifier (most reliable)
  • Keep a backup of your permission configuration
  • Use deny entries sparingly — they override allow entries
  • Test permissions with a non-admin account after making changes
  • Document your permission structure for other admins
  • Never give command allow (all commands) to non-trusted players
Was this guide helpful?
← Back to FiveM