diff --git a/client/client/routes.json b/client/client/routes.json
index bac7d2ffe..91eae4c98 100644
--- a/client/client/routes.json
+++ b/client/client/routes.json
@@ -17,26 +17,32 @@
             "params": {
                 "client": "card.client"
             },
-            "description": "Datos básicos",
-            "icon": "person"
+            "menu": {
+                "description": "Datos básicos",
+                "icon": "person"
+            }
         },  {
             "url": "/fiscal-data",
             "state": "clientCard.fiscalData",
             "component": "vn-client-fiscal-data",
             "params": {
                 "client": "card.client"
-            },            
-            "description": "Datos fiscales",
-            "icon": "account_balance"
+            },
+            "menu": {
+                "description": "Datos fiscales",
+                "icon": "account_balance"
+            }
         }, {
             "url": "/billing-data",
             "state": "clientCard.billingData",
             "component": "vn-client-billing-data",
             "params": {
                 "client": "card.client"
-            },            
-            "description": "Datos facturación",
-            "icon": "assignment"
+            },
+            "menu": {       
+                "description": "Datos facturación",
+                "icon": "assignment"
+            }
         },{
             "url": "/addresses",
             "state": "clientCard.addresses",
@@ -49,8 +55,10 @@
             "params": {
                 "client": "card.client"
             },
-            "description": "Consignatarios",
-            "icon": "local_shipping"
+             "menu": {
+                "description": "Consignatarios",
+                "icon": "local_shipping"
+             }
         }, {
             "url": "/create",
             "state": "clientCard.addresses.create",
@@ -66,8 +74,10 @@
             "params": {
                 "client": "card.client"
             },
-            "description": "Acceso web",
-            "icon": "language"
+             "menu": {
+                "description": "Acceso web",
+                "icon": "language"
+             }
         },{
             "url": "/notes",
             "state": "clientCard.notes",
@@ -80,8 +90,11 @@
             "params": {
                 "client": "card.client"
             },
-            "description": "Notas",
-            "icon": "insert_drive_file"
+            "menu": {
+                "description": "Notas",
+                "icon": "insert_drive_file"
+            }
+            
         }, {
             "url": "/create",
             "state": "clientCard.notes.create",
diff --git a/client/client/src/basic-data/index.html b/client/client/src/basic-data/index.html
index 8829d89b2..d13580cc9 100644
--- a/client/client/src/basic-data/index.html
+++ b/client/client/src/basic-data/index.html
@@ -10,7 +10,7 @@
         <vn-vertical pad-large>
             <vn-title>Datos básicos</vn-title>
             <vn-horizontal>
-                <vn-textfield vn-one label="Nombre" field="$ctrl.client.name" vn-focus></vn-textfield>
+                <vn-textfield vn-one label="Nombre" field="$ctrl.client.name" vn-focus vn-acl="prueba"></vn-textfield>
                 <vn-textfield vn-one label="NIF/CIF" field="$ctrl.client.fi"></vn-textfield>
                 <vn-textfield autofocus vn-one label="Razón social" field="$ctrl.client.socialName"></vn-textfield>
             </vn-horizontal>
diff --git a/client/client/src/card/index.html b/client/client/src/card/index.html
index 0b8976616..589deb152 100644
--- a/client/client/src/card/index.html
+++ b/client/client/src/card/index.html
@@ -2,7 +2,7 @@
     <mg-ajax path="/client/api/Clients/{{edit.params.id}}/card" options="mgEdit" actions="card.client=edit.model;"></mg-ajax>
     <vn-empty style="min-width: 18em; padding-left: 1em; padding-bottom: 1em;">
         <vn-descriptor client="card.client" active="card.client.active" class="display-block" ></vn-descriptor>
-        <vn-left-menu items="card.items"></vn-left-menu>
+        <vn-left-menu></vn-left-menu>
     </vn-empty>
     <vn-auto>
         <vn-vertical style="max-width: 70em; margin: 0 auto;" ui-view></vn-vertical>
diff --git a/client/client/src/card/index.js b/client/client/src/card/index.js
index 0c4067750..107aa9815 100644
--- a/client/client/src/card/index.js
+++ b/client/client/src/card/index.js
@@ -6,22 +6,10 @@ export const NAME = 'vnClientCard';
 export default class vnClientCard {
     constructor() {
         this.client = null;
-        this.items = [];
-        this.init();
-    }
-
-    init() {
-        routes.client.routes.forEach(i => {
-            if (i.description)
-                this.items.push({
-                    description: i.description,
-                    icon: i.icon,
-                    href: i.state
-                });
-        });
     }
 }
 
+
 module.component(NAME, {
     template: require('./index.html'),
     controllerAs: 'card',
diff --git a/client/core/src/directives/acl.js b/client/core/src/directives/acl.js
new file mode 100644
index 000000000..b6c4bc162
--- /dev/null
+++ b/client/core/src/directives/acl.js
@@ -0,0 +1,23 @@
+import {module} from '../module';
+
+function vnAcl(aclService, $compile) {
+    return {
+        restrict: 'A',
+        link: function(scope, element, attrs) {
+            let acls = attrs.vnAcl.split(',');
+            let action = attrs.vnAclAction || 'disabled';
+            if (!aclService.aclPermission(acls)) {
+                if (action === 'disabled') {
+                    let input = element[0].querySelector('input');
+                    input.setAttribute("ng-disabled", "true");
+                    $compile(input)(scope);
+                } else {
+                    element.remove();
+                }
+            }
+        }
+    };
+}
+vnAcl.$inject = ['aclService', '$compile'];
+
+module.directive('vnAcl', vnAcl);
diff --git a/client/core/src/directives/index.js b/client/core/src/directives/index.js
index 6f42e0ec7..4bd512eb0 100644
--- a/client/core/src/directives/index.js
+++ b/client/core/src/directives/index.js
@@ -2,3 +2,4 @@ import './id';
 import './focus';
 import './dialog';
 import './validation';
+import './acl';
diff --git a/client/salix/src/components/app/app.js b/client/salix/src/components/app/app.js
index 66b197067..8e417a491 100644
--- a/client/salix/src/components/app/app.js
+++ b/client/salix/src/components/app/app.js
@@ -75,3 +75,29 @@ function interceptorConfig($httpProvider) {
     $httpProvider.interceptors.push('vnAppInterceptor');
 }
 ngModule.config(interceptorConfig);
+
+function aclService() {
+    this.roles = window.Salix.acl.roles;
+    this.routeHasPermission = function(route) {
+        let hasPermission;
+        if (!route.acl)
+            hasPermission = true;
+        else if (!this.roles || !Object.keys(this.roles).length)
+            hasPermission = false;
+        else
+            hasPermission = this.aclPermission(route.acl);
+        return hasPermission;
+    };
+    this.aclPermission = function(aclCollection) {
+        let hasPermission = false;
+        let total = aclCollection.length;
+        for (let i = 0; i < total; i++) {
+            if (this.roles[aclCollection[i]]) {
+                hasPermission = true;
+                break;
+            }
+        }
+        return hasPermission;
+    };
+}
+ngModule.service('aclService', aclService);
diff --git a/client/salix/src/components/left-menu/left-menu.js b/client/salix/src/components/left-menu/left-menu.js
index ec605667b..77626fe33 100644
--- a/client/salix/src/components/left-menu/left-menu.js
+++ b/client/salix/src/components/left-menu/left-menu.js
@@ -1,9 +1,31 @@
 import ngModule from '../../module';
 import './style.css';
 
+export default class vnLeftMenu {
+    constructor(aclService, $state) {
+        this.aclService = aclService;
+        this.$state = $state;
+        this.items = [];
+        this.init();
+    }
+
+    init() {
+        let station = this.$state.current.data.station || 'default';
+        if (routes[station]) {
+            routes[station].routes.forEach(i => {
+                if (i.menu && this.aclService.routeHasPermission(i))
+                    this.items.push({
+                        description: i.menu.description,
+                        icon: i.menu.icon,
+                        href: i.state
+                    });
+            });
+        }
+    }
+}
+vnLeftMenu.$inject = ['aclService', '$state'];
+
 ngModule.component('vnLeftMenu', {
     template: require('./left-menu.html'),
-    bindings: {
-        items: '<'
-    }
+    controller: vnLeftMenu
 });
diff --git a/client/salix/src/configroutes.js b/client/salix/src/configroutes.js
index f80a70e75..7d18d2b77 100644
--- a/client/salix/src/configroutes.js
+++ b/client/salix/src/configroutes.js
@@ -11,9 +11,10 @@ function loader(moduleName) {
     return load;
 }
 
-config.$inject = ['$stateProvider', '$urlRouterProvider'];
-function config($stateProvider, $urlRouterProvider) {
+config.$inject = ['$stateProvider', '$urlRouterProvider', 'aclServiceProvider'];
+function config($stateProvider, $urlRouterProvider, aclServiceProvider) {
     splitingRegister.registerGraph(deps);
+    let aclService = aclServiceProvider.$get();
 
     function getParams(route) {
         let params = '';
@@ -34,16 +35,20 @@ function config($stateProvider, $urlRouterProvider) {
     for (let file in routes) {
         let fileRoutes = routes[file].routes;
         let moduleName = routes[file].module;
-
         fileRoutes.forEach(function(route) {
-            $stateProvider.state(route.state, {
-                url: route.url,
-                abstract: route.abstract || false,
-                template: `<${route.component} ${getParams(route)}></${route.component}>`,
-                resolve: {
-                    loader: loader(moduleName)
-                }
-            });
+            if (aclService.routeHasPermission(route)) {
+                $stateProvider.state(route.state, {
+                    url: route.url,
+                    abstract: route.abstract || false,
+                    template: `<${route.component} ${getParams(route)}></${route.component}>`,
+                    resolve: {
+                        loader: loader(moduleName)
+                    },
+                    data: {
+                        station: file
+                    }
+                });
+            }
         });
     }
 }
diff --git a/services/salix/server/boot/routes.js b/services/salix/server/boot/routes.js
index 1ff4fbe23..10ce5dd4b 100644
--- a/services/salix/server/boot/routes.js
+++ b/services/salix/server/boot/routes.js
@@ -63,20 +63,31 @@ module.exports = function (app) {
                         "principalId": `${app.currentUser.id}`,
                         "principalType": "USER"
                     },
-                    "include": {
+                    "include": [{
                         "relation": "role",
                         "scope": {
                             "fields": ["name"]
                         }
-                    }
+                    },
+                    {
+                        "relation": "user",
+                        "scope": {
+                            "fields": ["id", "username"]
+                        }
+                    }]
                 };
+            app.models.RoleMapping.belongsTo(app.models.User, {foreignKey: 'principalId', as: 'user'});
             app.models.RoleMapping.find(query, function(err, roles){
                 if(roles){
-                    let acl = {};
+                    let acl = {
+                        userProfile: {},
+                        roles: {}
+                    };
+                    acl.userProfile = roles[0].user();
                     Object.keys(roles).forEach(function(_, i){
                         if(roles[i].roleId){
                             let rol = roles[i].role();
-                            acl[rol.name] = true;
+                            acl.roles[rol.name] = true;
                         }
                     });
                     sendACL(res, acl);