# How to Set Up ACE Permissions on Your FiveM Server (/docs/fivem/ace-permissions) import { Step, Steps } from 'fumadocs-ui/components/steps'; FiveM uses an **ACE (Access Control Entry)** system for permissions. You define **groups** (like admin, moderator), grant them **permissions** (aces), and assign **players** (principals) to groups using their identifiers. Core Concepts [#core-concepts] | Term | Description | | --------------- | --------------------------------------------------------------------- | | **ACE** | A permission entry — grants or denies access to a command or resource | | **Principal** | An identity — a player identifier or a group | | **Group** | A named collection of permissions (e.g., `group.admin`) | | **Inheritance** | Groups can inherit permissions from other groups | Set Up Permissions [#set-up-permissions] Create a permissions file [#create-a-permissions-file] In the [XGamingServer Panel](https://panel.xgamingserver.com), click **Files** in the sidebar. Create a file called `permissions.cfg` in the server root. Define groups and permissions [#define-groups-and-permissions] ```ini # Moderator permissions add_ace group.moderator command.kick allow add_ace group.moderator command.ban allow # Admin inherits moderator + gets all commands add_principal group.admin group.moderator add_ace group.admin command allow add_ace group.admin txadmin.menu allow # Deny quit command even for admins add_ace group.admin command.quit deny ``` Assign players to groups [#assign-players-to-groups] Use their identifier (Steam, Discord, license, or FiveM): ```ini # By Steam ID add_principal identifier.steam:110000112345678 group.admin # By Discord ID add_principal identifier.discord:394446211341 group.moderator # By FiveM license add_principal identifier.license:abc123def456 group.moderator ``` Load in server.cfg [#load-in-servercfg] Open `server.cfg` and add: ```ini exec permissions.cfg ``` Restart [#restart] Restart from **Console**. Permissions take effect on player connect. How Inheritance Works [#how-inheritance-works] ``` group.admin └── inherits from group.moderator └── inherits from builtin.everyone ``` When you run `add_principal group.admin group.moderator`, admins get all moderator permissions **plus** their own. `builtin.everyone` is the implicit parent of all principals. Common Permission Examples [#common-permission-examples] ```ini # Allow a group to use a specific resource add_ace group.admin myresource allow # Allow a resource to run specific commands add_ace resource.es_extended command.add_ace allow add_ace resource.es_extended command.add_principal allow # Check permissions in a script add_ace group.vip myscript.vipfeature allow ``` Resources check permissions with `IsPlayerAceAllowed(source, 'myscript.vipfeature')`. Identifier Types [#identifier-types] | Format | Example | | --------------------- | ---------------------------------- | | `identifier.steam:` | `identifier.steam:110000112345678` | | `identifier.discord:` | `identifier.discord:394446211341` | | `identifier.license:` | `identifier.license:abc123def456` | | `identifier.fivem:` | `identifier.fivem:123456` | Related Guides [#related-guides] * [Adding Admins](/docs/fivem/adding-admins) * [Whitelist Setup](/docs/fivem/whitelist-setup) * [Server Configuration](/docs/fivem/configure-your-server)