> ## Documentation Index
> Fetch the complete documentation index at: https://docs.wasabihosting.com/llms.txt
> Use this file to discover all available pages before exploring further.

# How to Add Admins to Your FiveM Server - txAdmin & ACE Permissions

> Add admins to your FiveM server hosting at Wasabi Hosting - txAdmin Admin Manager, player identifiers, and ACE permissions in server.cfg explained.

FiveM has two separate permission layers, and a well-run server uses both. **txAdmin admins** can use the web dashboard — kick, ban, warn, restart, manage the whitelist. **ACE permissions** control what players can do *in-game* — admin commands, framework staff menus, and permission-gated resources. Making someone a txAdmin admin does not automatically give them in-game powers, and vice versa.

## Layer 1: txAdmin Admins

<Steps>
  <Step title="Open the Admin Manager">
    In the txAdmin web interface (see [txAdmin Setup](/games/fivem/txadmin-setup)), open **Admin Manager** from the menu. Only the master account and admins with the *manage admins* permission can access it.
  </Step>

  <Step title="Create a new admin">
    Click **New Admin** and fill in a username. Link the admin's **Cfx.re account** (their forum username) so they can log in with it — you can also link their Discord ID.
  </Step>

  <Step title="Assign permissions">
    txAdmin permissions are granular: view console, kick, ban, whitelist, manage settings, and more. Give each staff member only what their role needs.
  </Step>

  <Step title="Share the login">
    Send them your txAdmin URL. They log in with their Cfx.re account — no passwords to manage.
  </Step>
</Steps>

## Finding a Player's Identifiers

For in-game (ACE) permissions you need a player identifier. FiveM players have several: `fivem` (Cfx.re account ID), `license` (Rockstar license hash), `discord` (Discord user ID), and `steam` (only when a [Steam Web API key](/games/fivem/server-cfg) is set).

Two easy ways to find them:

* **txAdmin**: open **Players**, click the player, and their identifiers are listed in the player modal.
* **Live console**: with the player online, run `status` in the console in the [Game Panel](https://panel.wasabihosting.com) — it lists connected players; then use txAdmin or your framework's admin tools to view full identifiers.

| Identifier            | Example                                 | Notes                                                             |
| --------------------- | --------------------------------------- | ----------------------------------------------------------------- |
| `identifier.fivem:`   | `identifier.fivem:1234567`              | Cfx.re account ID — short and easy to read                        |
| `identifier.license:` | `identifier.license:a1b2c3...`          | Rockstar license hash — always present, most commonly used        |
| `identifier.discord:` | `identifier.discord:123456789012345678` | Discord user ID — only if the player runs Discord alongside FiveM |
| `identifier.steam:`   | `identifier.steam:110000112345678`      | Hex Steam ID — requires `steam_webApiKey` on the server           |

<Tip>
  Prefer `license` or `fivem` identifiers for permanent admin grants — they're always available, while `discord` and `steam` identifiers depend on how the player launched the game.
</Tip>

## Layer 2: ACE Permissions in server.cfg

ACE is FiveM's built-in access control system. You define what a **group** may do with `add_ace`, and put people in groups with `add_principal`. Add these lines to your [server.cfg](/games/fivem/server-cfg) and restart:

```bash theme={null}
# Give the admin group access to run commands
add_ace group.admin command allow

# But explicitly deny the dangerous quit command
add_ace group.admin command.quit deny

# Add players to the admin group by identifier
add_principal identifier.fivem:1234567 group.admin
add_principal identifier.license:a1b2c3d4e5f67890a1b2c3d4e5f67890a1b2c3d4 group.admin
add_principal identifier.discord:123456789012345678 group.admin
```

| Line                                              | What it does                                                      |
| ------------------------------------------------- | ----------------------------------------------------------------- |
| `add_ace group.admin command allow`               | Grants the `group.admin` group permission to use console commands |
| `add_ace group.admin "resource.permission" allow` | Grants a specific permission a resource asks for (check its docs) |
| `add_principal identifier.fivem:... group.admin`  | Puts a specific player (by Cfx.re ID) into `group.admin`          |

<Warning>
  `add_ace group.admin command allow` grants access to **every** registered command, including destructive ones like `stop` and `quit`. For larger staff teams, grant specific commands instead (e.g. `add_ace group.mod command.kick allow`) or pair the broad grant with explicit `deny` rules as shown above. Only give full command access to people you trust with the entire server.
</Warning>

### Group Inheritance

Groups can inherit from other groups using `add_principal` between principals:

```bash theme={null}
# admins inherit everything moderators can do
add_principal group.admin group.moderator

add_ace group.moderator command.kick allow
add_ace group.admin command.stop allow
```

Here `group.admin` automatically has `command.kick` (inherited) plus `command.stop` (its own). This lets you build a clean staff hierarchy: `user → moderator → admin`.

<Note>
  Framework admin systems (QBCore's `qb-adminmenu`, ESX's admin groups, or txAdmin's own in-game menu) layer on top of ACE — many of them check for specific ACE permissions documented in their READMEs, while others keep their own permission lists in the database.
</Note>

## Test Your Setup

1. Restart the server so the new `server.cfg` lines load.
2. Join the server with the account you granted.
3. Open the F8 console and try a permission-gated command — for example `txadmin` scripts respond to `/tx` for txAdmin admins, or test a simple registered admin command from one of your resources.
4. If you get "Access denied", re-check the identifier (one typo breaks the whole line) and confirm the line appears **after** any framework `ensure` lines that register the permissions.

## Security Best Practices

* Never paste `add_principal` lines sent by strangers "to help debug" — this is a common social-engineering trick.
* Audit your admin list regularly, in both txAdmin's Admin Manager and server.cfg.
* Give [sub-users](/server/sub-users) on the Game Panel only the panel permissions they need — panel access is a third, separate layer above txAdmin and ACE.
* Take regular [backups](/server/backups) so a rogue admin's damage can be rolled back.

<Card title="Build your staff team on solid ground" icon="rocket" href="https://wasabihosting.com/game-servers/fivem">
  FiveM server hosting from **€4.80/month** at Wasabi Hosting — with DDoS protection and 24/7 support behind your community.
</Card>
