I found an interesting difference in Magento 2 as compared to Magento 1 with ACL.

We no longer need to define our own private function _isAllowed().  They now have a const that we can use, and let the abstract class take care of defining the _isAllowed.

To reference here is some sample code:

Here is the acl.xml

<?xml version="1.0"?>
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:Acl/etc/acl.xsd">
<resource id="Magento_Backend::admin">
<resource id="Russellalbin_Somemodule::base" title="Russellalbin">
<resource id="Russellalbin_Somemodule::log_error" title="Import/Export Error Log"/>

Here is the abstract class that defines this

const ADMIN_RESOURCE = 'Magento_Backend::admin'; /** * @return bool */ protected function _isAllowed() { return $this->_authorization->isAllowed(static::ADMIN_RESOURCE); }

So, if we extend this class, all we need to do is set the const ADMIN_RESOURCE to our defined id in acl.xml and we are done!

Here is an example custom controller class that uses this method:

namespace Russellalbin\Somemodule\Controller\Adminhtml\Log;
class Error extends \Magento\Backend\App\Action
protected $resultPageFactory;

* Authorization level of a basic admin session
* @see _isAllowed() vendor/magento/module-backend/App/AbstractAction.php:103
const ADMIN_RESOURCE = 'Russellalbin_Somemodule::log_error';

public function __construct(
\Magento\Backend\App\Action\Context $context,
\Magento\Framework\View\Result\PageFactory $resultPageFactory)
$this->resultPageFactory = $resultPageFactory;
return parent::__construct($context);

public function execute()
$page = $this->resultPageFactory->create();
return $page;


Now, keep in mind, we can still define our own version of _isAllowed but if you are not too worried about the different types of actions like save, edit, or delete, you can simply use this to manage access.