Magento – Magento 2 : User Role and Permission Issue (ACL Issue)

Tags: acl, magento2, module, permissions, user-roles

In my Magento 2, I have created a user role with custom permissions, in which I give the user permission only for "Shipping Methods".

When I log in with this user, it also shows me other custom extensions' configuration sections as well.

Check the screenshot.


This is the ACL code of that custom extension:

app->code->Company->Customext->etc->acl.xml

<?xml version="1.0"?>
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:Acl/etc/acl.xsd">
    <acl>
        <resources>
            <resource id="Magento_Backend::admin">
                <resource id="Magento_Backend::stores">
                    <resource id="Magento_Backend::stores_settings">
                        <resource id="Magento_Config::config">
                            <resource id="Company_Customext::config_customext" title="Custom 1" />
                        </resource>
                    </resource>
                </resource>
            </resource>
        </resources>
    </acl>
</config>

This is the ACL code of the other custom extension:

app->code->Company->Customextnew->etc->acl.xml

<?xml version="1.0"?>
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:Acl/etc/acl.xsd">
  <acl>
    <resources>
      <resource id="Magento_Backend::admin">
        <resource id="Magento_Backend::stores">
          <resource id="Magento_Backend::stores_settings">
            <resource id="Magento_Config::config">
              <resource id="Company_Customextnew::config_customextnew" title="Custom 2" />
            </resource>
          </resource>
        </resource>
      </resource>
    </resources>
  </acl>
</config>

Does anyone have any idea about this?

Thanks in advance.

Best Answer

Looks like they forgot to reference these ACL resources in system.xml and never tested it. Not caring about ACL is a common issue amongst third-party extensions.

Since XML files are merged from all modules, you should be able to fix it by adding the resource reference to the relevant config sections in your own custom module.
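
A way to check for the gap the answer describes, as an added example that is not part of the original question or answer: the script lists each system.xml section and reports whether its `<resource>` child points at an ACL id the module itself declares. The acl.xml is the one from the question; the system.xml content and its section ids are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# acl.xml from the question (Company_Customext), reduced to the resource tree.
ACL_XML = """<config><acl><resources>
  <resource id="Magento_Backend::admin">
    <resource id="Magento_Backend::stores">
      <resource id="Magento_Backend::stores_settings">
        <resource id="Magento_Config::config">
          <resource id="Company_Customext::config_customext" title="Custom 1"/>
        </resource>
      </resource>
    </resource>
  </resource>
</resources></acl></config>"""

# Constructed system.xml: the section ids are hypothetical, not from the page.
SYSTEM_XML = """<config><system>
  <section id="customext_gated">
    <resource>Company_Customext::config_customext</resource>
  </section>
  <section id="customext_generic">
    <resource>Magento_Config::config</resource>
  </section>
  <section id="customext_missing"/>
</system></config>"""

def module_acl_ids(acl_xml, module):
    """ACL resource ids declared by `module` (id prefix 'Module_Name::')."""
    root = ET.fromstring(acl_xml)
    return {r.get("id") for r in root.iter("resource")
            if r.get("id", "").startswith(module + "::")}

def audit_sections(system_xml, own_ids):
    """Map each section id to 'ok', 'missing' or 'foreign:<resource id>'."""
    report = {}
    for section in ET.fromstring(system_xml).iter("section"):
        res = (section.findtext("resource") or "").strip()
        if not res:
            report[section.get("id")] = "missing"      # no ACL reference at all
        elif res in own_ids:
            report[section.get("id")] = "ok"           # gated by the module's own id
        else:
            report[section.get("id")] = "foreign:" + res  # gated by another resource
    return report

if __name__ == "__main__":
    ids = module_acl_ids(ACL_XML, "Company_Customext")
    for sid, status in audit_sections(SYSTEM_XML, ids).items():
        print(sid, status)
```

The `customext_gated` section in the sample shows the shape of the fix: a `<resource>` element inside the section carrying the id declared in acl.xml.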