ACE Permissions

How to use FiveM's ACE permissions system to grant players and groups access to script commands.

FiveM's ACE system is how scripts decide who can run which commands. TIMMYG Studios scripts use it for admin-only features — for example, opening the tELS editor requires the tlib.admin permission.

Permission checks happen server-side, so changes require either an ensure of the resource or a server restart to take effect.

Principals

A principal is an identifier that holds permissions (which FiveM calls ACEs). Principals are either:

  • Player identifiers — a specific player's Discord ID, Steam ID, License, etc.
  • Groups — made-up identifiers prefixed with group. (e.g., group.admin, group.moderator). Groups don't need to be declared — they exist the moment you reference one.

Groups are the recommended approach since they let you assign the same permissions to many players at once.

Adding a player to a group

server.cfg
add_principal identifier.discord:394446211341615104 group.admin

This adds the player with Discord ID 394446211341615104 to group.admin. Any ACEs granted to group.admin now apply to that player.

Nesting groups

server.cfg
add_principal group.admin group.moderator

group.admin now inherits every permission that group.moderator has.

Lines starting with # in server.cfg are comments and are ignored by the parser.

Granting permissions

Use add_ace to grant a permission node, remove_ace to revoke it. Permissions can be attached to a group or directly to a player identifier.

server.cfg
# Grant the tlib.admin permission to the admin group
add_ace group.admin "tlib.admin" allow

# Add the player to the group — they inherit all of its permissions
add_principal identifier.discord:394446211341615104 group.admin

Any player added to group.admin now has tlib.admin. Add or remove players from the group without touching the ACE itself.

server.cfg
# Grant the permission directly to one player
add_ace identifier.discord:394446211341615104 "tlib.admin" allow

Faster for a single player, but doesn't scale. Prefer groups if more than one person will ever need the permission.

Removing permissions

server.cfg
# Revoke from the group
remove_ace group.admin "tlib.admin" allow

# Revoke from a specific player
remove_ace identifier.discord:394446211341615104 "tlib.admin" allow

The allow at the end must match the original grant.

Example: giving someone tELS editor access

The tELS editor is gated behind tlib.admin. To grant a player access:

Open server.cfg

Locate server.cfg in your server's root directory.

Grant the ACE to a group

server.cfg
add_ace group.admin "tlib.admin" allow

Add the player to the group

server.cfg
add_principal identifier.discord:394446211341615104 group.admin

Replace the Discord ID with your admin's identifier. You can also use identifier.steam:..., identifier.license:..., or identifier.fivem:....

Restart the server

ACE changes are loaded at startup. Restart the server or run refresh + restart on the resources that check the permission.

Verify

The admin runs /telsedit in-game. If the permission is correct, the editor opens. If it still says permission denied, check the identifier matches exactly — Discord IDs must be numeric with no prefix beyond identifier.discord:.

tELS Installation

Where tlib.admin is used — gates the editor and server-wide defaults.

tLib

Provides the admin ACE and permission helpers used across TIMMYG Studios scripts.

FiveM Escrow FAQ

If commands fail for reasons other than permissions, start here.

General Issues

Overview of common FiveM escrow system errors and how to identify them.

Syntax Error / Error Parsing

Fixing 'syntax error near <\1>' and 'Error parsing script' errors in FiveM.

On this page

PrincipalsAdding a player to a groupNesting groupsGranting permissionsRemoving permissionsExample: giving someone tELS editor accessOpen server.cfgGrant the ACE to a groupAdd the player to the groupRestart the serverVerifyRelated

Need help?

Ask on Discord