The admin_menu
action will hide the ACF menu, in this example for not-admins.
And admin_head
will block the access if the URL is accessed directly.
E.g.: http://example.com/wp-admin/edit.php?post_type=acf
and http://example.com/wp-admin/edit.php?post_type=acf&page=acf-settings
add_action( 'admin_menu', 'wpse_59032_remove_acf_menu', 9999 );
add_action( 'admin_head-edit.php', 'wpse_59032_block_acf_screens' );
add_action( 'admin_head-custom-fields_page_acf-settings', 'wpse_59032_block_acf_screens' );
function wpse_59032_remove_acf_menu()
{
/* if not our allowed users, hide menu */
if ( !current_user_can('delete_plugins') ) {
remove_menu_page('edit.php?post_type=acf');
}
}
function wpse_59032_block_acf_screens()
{
global $current_screen;
/* not our screen, do nothing */
if( 'edit-acf' != $current_screen->id && 'custom-fields_page_acf-settings' != $current_screen->id )
return;
/* if not our allowed users, block access */
if ( !current_user_can('delete_plugins') ) {
wp_die('message');
}
}