diff --git a/app/code/Magento/Customer/Block/Adminhtml/Edit/DeleteButton.php b/app/code/Magento/Customer/Block/Adminhtml/Edit/DeleteButton.php
index e1bb6feb23698..38b2f410d2fab 100644
--- a/app/code/Magento/Customer/Block/Adminhtml/Edit/DeleteButton.php
+++ b/app/code/Magento/Customer/Block/Adminhtml/Edit/DeleteButton.php
@@ -10,6 +10,7 @@
 
 /**
  * Class DeleteButton
+ *
  * @package Magento\Customer\Block\Adminhtml\Edit
  */
 class DeleteButton extends GenericButton implements ButtonProviderInterface
@@ -36,6 +37,8 @@ public function __construct(
     }
 
     /**
+     * Get button data.
+     *
      * @return array
      */
     public function getButtonData()
@@ -53,12 +56,15 @@ public function getButtonData()
                 ],
                 'on_click' => '',
                 'sort_order' => 20,
+                'aclResource' => 'Magento_Customer::delete',
             ];
         }
         return $data;
     }
 
     /**
+     * Get delete url.
+     *
      * @return string
      */
     public function getDeleteUrl()
diff --git a/app/code/Magento/Customer/Block/Adminhtml/Edit/InvalidateTokenButton.php b/app/code/Magento/Customer/Block/Adminhtml/Edit/InvalidateTokenButton.php
index 180cb3d66ea35..ca24ac9356df9 100644
--- a/app/code/Magento/Customer/Block/Adminhtml/Edit/InvalidateTokenButton.php
+++ b/app/code/Magento/Customer/Block/Adminhtml/Edit/InvalidateTokenButton.php
@@ -9,11 +9,14 @@
 
 /**
  * Class InvalidateTokenButton
+ *
  * @package Magento\Customer\Block\Adminhtml\Edit
  */
 class InvalidateTokenButton extends GenericButton implements ButtonProviderInterface
 {
     /**
+     * Get button data.
+     *
      * @return array
      */
     public function getButtonData()
@@ -27,12 +30,15 @@ public function getButtonData()
                 'class' => 'invalidate-token',
                 'on_click' => 'deleteConfirm("' . $deleteConfirmMsg . '", "' . $this->getInvalidateTokenUrl() . '")',
                 'sort_order' => 65,
+                'aclResource' => 'Magento_Customer::invalidate_tokens',
             ];
         }
         return $data;
     }
 
     /**
+     * Get invalidate token url.
+     *
      * @return string
      */
     public function getInvalidateTokenUrl()
diff --git a/app/code/Magento/Customer/Block/Adminhtml/Edit/ResetPasswordButton.php b/app/code/Magento/Customer/Block/Adminhtml/Edit/ResetPasswordButton.php
index aa93785116851..f8a6b3505ae68 100644
--- a/app/code/Magento/Customer/Block/Adminhtml/Edit/ResetPasswordButton.php
+++ b/app/code/Magento/Customer/Block/Adminhtml/Edit/ResetPasswordButton.php
@@ -27,6 +27,7 @@ public function getButtonData()
                 'class' => 'reset reset-password',
                 'on_click' => sprintf("location.href = '%s';", $this->getResetPasswordUrl()),
                 'sort_order' => 60,
+                'aclResource' => 'Magento_Customer::reset_password',
             ];
         }
         return $data;
diff --git a/app/code/Magento/Customer/Controller/Adminhtml/Customer/InvalidateToken.php b/app/code/Magento/Customer/Controller/Adminhtml/Customer/InvalidateToken.php
index 7337d005a7323..b69410ecbfce7 100644
--- a/app/code/Magento/Customer/Controller/Adminhtml/Customer/InvalidateToken.php
+++ b/app/code/Magento/Customer/Controller/Adminhtml/Customer/InvalidateToken.php
@@ -7,6 +7,7 @@
 
 namespace Magento\Customer\Controller\Adminhtml\Customer;
 
+use Magento\Framework\App\Action\HttpGetActionInterface;
 use Magento\Integration\Api\CustomerTokenServiceInterface;
 use Magento\Customer\Api\AccountManagementInterface;
 use Magento\Customer\Api\AddressRepositoryInterface;
@@ -25,8 +26,15 @@
  * @SuppressWarnings(PHPMD.TooManyFields)
  * @SuppressWarnings(PHPMD.NumberOfChildren)
  */
-class InvalidateToken extends \Magento\Customer\Controller\Adminhtml\Index
+class InvalidateToken extends \Magento\Customer\Controller\Adminhtml\Index implements HttpGetActionInterface
 {
+    /**
+     * Authorization level of a basic admin session
+     *
+     * @see _isAllowed()
+     */
+    const ADMIN_RESOURCE = 'Magento_Customer::invalidate_tokens';
+
     /**
      * @var CustomerTokenServiceInterface
      */
diff --git a/app/code/Magento/Customer/Controller/Adminhtml/Index/Delete.php b/app/code/Magento/Customer/Controller/Adminhtml/Index/Delete.php
index 15da8b20adbca..ab39ca098162f 100644
--- a/app/code/Magento/Customer/Controller/Adminhtml/Index/Delete.php
+++ b/app/code/Magento/Customer/Controller/Adminhtml/Index/Delete.php
@@ -8,8 +8,18 @@
 use Magento\Framework\App\Action\HttpPostActionInterface as HttpPostActionInterface;
 use Magento\Framework\Controller\ResultFactory;
 
+/**
+ * Delete customer action.
+ */
 class Delete extends \Magento\Customer\Controller\Adminhtml\Index implements HttpPostActionInterface
 {
+    /**
+     * Authorization level of a basic admin session
+     *
+     * @see _isAllowed()
+     */
+    const ADMIN_RESOURCE = 'Magento_Customer::delete';
+
     /**
      * Delete customer action
      *
diff --git a/app/code/Magento/Customer/Controller/Adminhtml/Index/MassDelete.php b/app/code/Magento/Customer/Controller/Adminhtml/Index/MassDelete.php
index 334018a881f12..edaeea6a15eb2 100644
--- a/app/code/Magento/Customer/Controller/Adminhtml/Index/MassDelete.php
+++ b/app/code/Magento/Customer/Controller/Adminhtml/Index/MassDelete.php
@@ -18,6 +18,13 @@
  */
 class MassDelete extends AbstractMassAction implements HttpPostActionInterface
 {
+    /**
+     * Authorization level of a basic admin session
+     *
+     * @see _isAllowed()
+     */
+    const ADMIN_RESOURCE = 'Magento_Customer::delete';
+
     /**
      * @var CustomerRepositoryInterface
      */
@@ -40,8 +47,7 @@ public function __construct(
     }
 
     /**
-     * @param AbstractCollection $collection
-     * @return \Magento\Backend\Model\View\Result\Redirect
+     * @inheritdoc
      */
     protected function massAction(AbstractCollection $collection)
     {
diff --git a/app/code/Magento/Customer/Controller/Adminhtml/Index/ResetPassword.php b/app/code/Magento/Customer/Controller/Adminhtml/Index/ResetPassword.php
index 3e6046b0d117f..1e4fa91cbf899 100644
--- a/app/code/Magento/Customer/Controller/Adminhtml/Index/ResetPassword.php
+++ b/app/code/Magento/Customer/Controller/Adminhtml/Index/ResetPassword.php
@@ -16,6 +16,13 @@
  */
 class ResetPassword extends \Magento\Customer\Controller\Adminhtml\Index implements HttpGetActionInterface
 {
+    /**
+     * Authorization level of a basic admin session
+     *
+     * @see _isAllowed()
+     */
+    const ADMIN_RESOURCE = 'Magento_Customer::reset_password';
+
     /**
      * Reset password handler
      *
diff --git a/app/code/Magento/Customer/etc/acl.xml b/app/code/Magento/Customer/etc/acl.xml
index e8e6219bef4fe..1d45aa6445db8 100644
--- a/app/code/Magento/Customer/etc/acl.xml
+++ b/app/code/Magento/Customer/etc/acl.xml
@@ -10,7 +10,13 @@
         <resources>
             <resource id="Magento_Backend::admin">
                 <resource id="Magento_Customer::customer" title="Customers" translate="title" sortOrder="40">
-                    <resource id="Magento_Customer::manage" title="All Customers" translate="title" sortOrder="10" />
+                    <resource id="Magento_Customer::manage" title="All Customers" translate="title" sortOrder="10">
+                        <resource id="Magento_Customer::actions" title="Actions" translate="title" sortOrder="10">
+                            <resource id="Magento_Customer::delete" title="Delete" translate="title" sortOrder="10" />
+                            <resource id="Magento_Customer::reset_password" title="Reset password" translate="title" sortOrder="20" />
+                            <resource id="Magento_Customer::invalidate_tokens" title="Invalidate tokens" translate="title" sortOrder="30" />
+                        </resource>
+                    </resource>
                     <resource id="Magento_Customer::online" title="Now Online" translate="title" sortOrder="20" />
                     <resource id="Magento_Customer::group" title="Customer Groups" translate="title" sortOrder="30" />
                 </resource>