diff --git a/lib/Config/AccessControl.php b/lib/Config/AccessControl.php
new file mode 100644
index 0000000000..f1c2fb9fa4
--- /dev/null
+++ b/lib/Config/AccessControl.php
@@ -0,0 +1,81 @@
+ WPHooks::applyFilters(
+ 'mailpoet_permission_access_plugin',
+ array(
+ 'administrator',
+ 'editor'
+ )
+ ),
+ self::PERMISSION_MANAGE_SETTINGS => WPHooks::applyFilters(
+ 'mailpoet_permission_manage_settings',
+ array(
+ 'administrator'
+ )
+ ),
+ self::PERMISSION_MANAGE_EMAILS => WPHooks::applyFilters(
+ 'mailpoet_permission_manage_emails',
+ array(
+ 'administrator',
+ 'editor'
+ )
+ ),
+ self::PERMISSION_MANAGE_SUBSCRIBERS => WPHooks::applyFilters(
+ 'mailpoet_permission_manage_subscribers',
+ array(
+ 'administrator'
+ )
+ ),
+ self::PERMISSION_MANAGE_FORMS => WPHooks::applyFilters(
+ 'mailpoet_permission_manage_forms',
+ array(
+ 'administrator'
+ )
+ ),
+ self::PERMISSION_MANAGE_SEGMENTS => WPHooks::applyFilters(
+ 'mailpoet_permission_manage_segments',
+ array(
+ 'administrator'
+ )
+ )
+ );
+ }
+
+ static function validatePermission($permission) {
+ if(empty(self::$permissions)) self::init();
+ if(empty(self::$permissions[$permission])) return false;
+ $current_user = wp_get_current_user();
+ $current_user_roles = $current_user->roles;
+ $permitted_roles = array_intersect(
+ $current_user_roles,
+ self::$permissions[$permission]
+ );
+ return (!empty($permitted_roles));
+ }
+}
\ No newline at end of file
diff --git a/lib/Config/Env.php b/lib/Config/Env.php
index 971310d965..56092b6c34 100644
--- a/lib/Config/Env.php
+++ b/lib/Config/Env.php
@@ -2,8 +2,6 @@ namespace MailPoet\Config; -use MailPoet\WP\Hooks; - if(!defined('ABSPATH')) exit; class Env {
@@ -34,7 +32,6 @@ class Env {
 static $db_collation;
 static $db_charset_collate;
 static $db_timezone_offset;
-static $required_permission;
 static function init($file, $version) {
 global $wpdb;
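Review bot: `validatePermission()` grants access purely on a role-slug match between `$current_user->roles` and the filtered role list, so capabilities are never consulted: a user whose `editor` role has had its capabilities stripped is still let in, while a user who holds the relevant capability without carrying one of the listed slugs (on multisite, a super admin with no role on the current site, if I read `WP_User` correctly) is denied. The `empty(self::$permissions[$permission])` guard does fail closed for unknown or empty permission names, which is the right default, and a filter returning a non-array would presumably also end in a deny since `array_intersect` then yields nothing usable. I would document that contract on the method, e.g. `// Role-slug match only: compares WP_User::$roles with the filtered role list; capabilities are not checked.` The class header, constants and the beginning of `init()` fall outside this chunk, so the `$permissions` argument that `init()` accepts (exercised in the tests) could not be reviewed here.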
@@ -72,7 +69,6 @@ class Env {
 self::$db_charset_collate = $wpdb->get_charset_collate();
 self::$db_source_name = self::dbSourceName(self::$db_host, self::$db_socket, self::$db_port, self::$db_charset);
 self::$db_timezone_offset = self::getDbTimezoneOffset();
- self::$required_permission = Hooks::applyFilters('mailpoet_access_minimum_required_permission', 'manage_options');
 }
 private static function dbSourceName($host, $socket, $port, $charset) {
diff --git a/lib/Config/Initializer.php b/lib/Config/Initializer.php
index 8b66c4a71d..9d4080a559 100644
--- a/lib/Config/Initializer.php
+++ b/lib/Config/Initializer.php
@@ -24,6 +24,7 @@ class Initializer { 'version' => '1.0.0' )) {
 Env::init($params['file'], $params['version']);
+ AccessControl::init();
 }
 function init() {
diff --git a/tests/unit/Config/AccessControlTest.php b/tests/unit/Config/AccessControlTest.php
new file mode 100644
index 0000000000..cfc62ef23b
--- /dev/null
+++ b/tests/unit/Config/AccessControlTest.php
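Review bot: `AccessControl::init()` is called eagerly here next to `Env::init()`, so the `mailpoet_permission_*` filters are evaluated once at this point and `validatePermission()` only re-runs `init()` when the cached array is empty; a filter that another plugin registers after this constructor has run will presumably never reach the cached role lists. If late registration is meant to work, either defer this call to a later hook or have `validatePermission()` apply the filter on each check instead of caching. The enclosing function's header (it looks like a constructor taking `$params`) starts outside the hunk.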
@@ -0,0 +1,139 @@
+ array(
+ 'administrator',
+ 'editor'
+ ),
+ 'manage_settings' => array(
+ 'administrator'
+ ),
+ 'manage_emails' => array(
+ 'administrator',
+ 'editor'
+ ),
+ 'manage_subscribers' => array(
+ 'administrator'
+ ),
+ 'manage_forms' => array(
+ 'administrator'
+ ),
+ 'manage_segments' => array(
+ 'administrator'
+ )
+ );
+ expect(AccessControl::getPermissions())->equals($default_permissions);
+ }
+
+ function testItSetsCustomPermissionsUponInitialization() {
+ $custom_permissions = array(
+ 'custom_permissions' => array(
+ 'custom_role'
+ )
+ );
+ AccessControl::init($custom_permissions);
+ expect(AccessControl::$permissions)->equals($custom_permissions);
+ }
+
+ function testItGetsPermissions() {
+ expect(AccessControl::getPermissions())->equals(
+ array(
+ 'access_plugin' => array(
+ 'administrator',
+ 'editor'
+ ),
+ 'manage_settings' => array(
+ 'administrator'
+ ),
+ 'manage_emails' => array(
+ 'administrator',
+ 'editor'
+ ),
+ 'manage_subscribers' => array(
+ 'administrator'
+ ),
+ 'manage_forms' => array(
+ 'administrator'
+ ),
+ 'manage_segments' => array(
+ 'administrator'
+ )
+ )
+ );
+ }
+
+ function testItAllowsSettingCustonPermissions() {
+ Hooks::addFilter(
+ 'mailpoet_permission_access_plugin',
+ function() {
+ return array('custom_access_plugin_role');
+ }
+ );
+ Hooks::addFilter(
+ 'mailpoet_permission_manage_settings',
+ function() {
+ return array('custom_manage_settings_role');
+ }
+ );
+ Hooks::addFilter(
+ 'mailpoet_permission_manage_emails',
+ function() {
+ return array('custom_manage_emails_role');
+ }
+ );
+ Hooks::addFilter(
+ 'mailpoet_permission_manage_subscribers',
+ function() {
+ return array('custom_manage_subscribers_role');
+ }
+ );
+ Hooks::addFilter(
+ 'mailpoet_permission_manage_forms',
+ function() {
+ return array('custom_manage_forms_role');
+ }
+ );
+ Hooks::addFilter(
+ 'mailpoet_permission_manage_segments',
+ function() {
+ return array('custom_manage_forms_role');
+ }
+ );
+ AccessControl::init();
+ expect(AccessControl::$permissions)->equals(
+ array(
+ 'access_plugin' => array(
+ 'custom_access_plugin_role'
+ ),
+ 'manage_settings' => array(
+ 'custom_manage_settings_role'
+ ),
+ 'manage_emails' => array(
+ 'custom_manage_emails_role'
+ ),
+ 'manage_subscribers' => array(
+ 'custom_manage_subscribers_role'
+ ),
+ 'manage_forms' => array(
+ 'custom_manage_forms_role'
+ ),
+ 'manage_segments' => array(
+ 'custom_manage_forms_role'
+ )
+ )
+ );
+ }
+
+ function _after() {
+ WPHooksHelper::releaseAllHooks();
+ }
+}
\ No newline at end of file
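Review bot: In `testItAllowsSettingCustonPermissions` the `mailpoet_permission_manage_segments` filter returns `array('custom_manage_forms_role')` and the expectation for `manage_segments` is that same value, so the test would still pass if the forms and segments filters were wired to the wrong constant; return `array('custom_manage_segments_role');` from that filter and expect `'manage_segments' => array('custom_manage_segments_role')`. The method name also carries a typo (`Custon`). `testItGetsPermissions` asserts the same default array as the truncated test preceding it, which already compares `getPermissions()` against `$default_permissions`, so it adds no coverage and could be dropped or reduced to checking that `getPermissions()` returns `AccessControl::$permissions`. Nothing here exercises `validatePermission()`, the one method whose result gates access, so a test with a user carrying a listed role and one without would be the most valuable addition; the class header and the opening lines of the first test are outside this chunk.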