Magento Access Denied for Custom Role User – FIXED

After installing the SUPEE-6285, you may notice that some of your modules on the back-end read “Access Denied” for users with custom roles.  Well, it took us all day and several trials and error but we have the fix in place now.  Here are the steps that we took.

Staging Site and Backup

It is always best to have a staging site of any of your client websites where you work before implementing any major changes on their live site.  Your staging site should be the exact configuration of the live site.  Backup your staging site and let’s begin.

Find Your Module and Patch!

The location should look similar to:  public_html/your-store/app/code/local/module-that-needs-patch/controllers

We tried many solutions and the one that worked for us was using a patching tool.  The patching tool patched EVERYTHING on our stage site so I definitely would not recommend running the patch on the live site.  Instead, we will run it on the stage site and then copy the ONE CONTROLLER file that was patched to the live site (the same controller location noted above within your module folder).

The patching tool we used is located online here –

Download and run the file from your top level Magento directory  – SupportDesk_FixAcl.php