FiveM & RedM Tools

FiveM ACE Permissions Generator

Build the add_ace and add_principal lines your FiveM server.cfg needs: group inheritance, player identifiers, command grants and custom ace objects. This is the access-control config that txAdmin does not fully auto-generate. Everything runs in your browser, with no login.

Admin / mod setup, ready to edit

Principals: inheritance & membership

Each row adds a child principal to a parent, so the child inherits everything the parent can do. Use it to put a player identifier into a group, or to make one group inherit another.

Aces: grants

Each row allows or denies an object for a principal. The object can be command (all commands), a specific command.<name>, or a custom ace a resource checks with IsPlayerAceAllowed.

server.cfg output
# ACE permissions — add to server.cfg

Grants (add_ace) are written first, then membership (add_principal). Rows with an empty required field are skipped automatically.

How FiveM ACE permissions work

Principalsare the "who". A principal is either a player identifier or a group. Identifiers use the form identifier.<type>:<id>, for example identifier.steam:110000112345678, identifier.license:abc123 or identifier.fivem:1234567. Groups are names you choose, conventionally group.admin, group.mod and so on.

Objects are the "what". Use command to cover every server command, or command.<name> (such as command.kick) to target a single command. You can also invent your own custom ace object, any string a resource checks with IsPlayerAceAllowed, e.g. car or menu.access.

allow / deny is the decision. Granting command allow to a group hands it every command, so keep that for trusted admins. Add a deny row to carve out exceptions, e.g. add_ace group.admin command.quit deny.

Tip: build one group.admin, make it inherit group.modwith a principal row, then add each staff member's identifier to the right group. You only manage groups after that.

FAQ

FiveM ACE permissions, explained

What are FiveM ACE permissions?+

ACE stands for Access Control Entries, the permission system FiveM (and RedM) builds into server.cfg. Instead of hard-coding who can run what, you grant an "object" (like the command object, a specific command.<name>, or a custom ace a script checks) to a "principal" (a player identifier or a group such as group.admin) with either allow or deny. Resources then check permissions at runtime with IsPlayerAceAllowed, so your access control lives in one place in your config.

How do I make someone an admin in FiveM?+

Add the player's identifier to an admin group and give that group the permissions it needs. For example: add_principal identifier.steam:110000112345678 group.admin makes that player a member of group.admin, and add_ace group.admin command allow lets group.admin run every server command. You can find a player's identifier from txAdmin, server console, or a script that prints GetPlayerIdentifiers.

What's the difference between add_ace and add_principal?+

add_principal defines membership and inheritance: it says one principal belongs to (inherits the permissions of) another, e.g. add_principal group.admin group.mod means admins also get everything mods have, and add_principal identifier.license:abc123 group.admin adds a specific player to the admin group. add_ace defines a grant. It says a principal is allowed or denied a specific object, e.g. add_ace group.admin command allow. In short: add_principal decides who is in a group, add_ace decides what that group can do.

Does txAdmin do this for me?+

Partly. txAdmin manages its own admin list and web-panel permissions separately from server.cfg, so txAdmin admins do not automatically appear as ACE principals in your config. You still write add_ace and add_principal lines yourself for in-game command access, custom resource permissions, and any script that calls IsPlayerAceAllowed. This generator produces exactly those server.cfg lines, which sit alongside (not inside) txAdmin.

More Digital Den tools

Browse the rest of our free, no-login utilities and bots.

All tools →