diff --git a/applications/luci-app-mwan3/root/usr/share/luci/menu.d/luci-app-mwan3.json b/applications/luci-app-mwan3/root/usr/share/luci/menu.d/luci-app-mwan3.json
index 556083584e..ee142df410 100644
--- a/applications/luci-app-mwan3/root/usr/share/luci/menu.d/luci-app-mwan3.json
+++ b/applications/luci-app-mwan3/root/usr/share/luci/menu.d/luci-app-mwan3.json
@@ -7,7 +7,7 @@
 		},
 		"depends": {
 			"acl": [
-				"luci-app-mwan3"
+				"luci-app-mwan3-status"
 			]
 		}
 	},
diff --git a/applications/luci-app-mwan3/root/usr/share/rpcd/acl.d/luci-app-mwan3.json b/applications/luci-app-mwan3/root/usr/share/rpcd/acl.d/luci-app-mwan3.json
index 72973ed1fe..a50ff19790 100644
--- a/applications/luci-app-mwan3/root/usr/share/rpcd/acl.d/luci-app-mwan3.json
+++ b/applications/luci-app-mwan3/root/usr/share/rpcd/acl.d/luci-app-mwan3.json
@@ -1,7 +1,58 @@
 {
-	"luci-app-mwan3": {
-		"description": "Grant UCI access for luci-app-mwan3",
+	"luci-app-mwan3-status": {
+		"description": "Grant access for luci-app-mwan3 status information",
 		"read": {
+			"cgi-io": [
+				"exec"
+			],
+			"file": {
+				"/usr/sbin/mwan3 status": [
+					"exec"
+				]
+			},
+			"ubus": {
+				"mwan3": [
+					"status"
+				]
+			}
+		},
+		"write": {
+			"file": {
+				"/usr/libexec/luci-mwan3 diag gateway *": [
+					"exec"
+				],
+				"/usr/libexec/luci-mwan3 diag tracking *": [
+					"exec"
+				],
+				"/usr/libexec/luci-mwan3 diag rules *": [
+					"exec"
+				],
+				"/usr/libexec/luci-mwan3 diag routes *": [
+					"exec"
+				],
+				"/usr/sbin/mwan3 internal ipv4": [
+					"exec"
+				],
+				"/usr/sbin/mwan3 ifup *": [
+					"exec"
+				],
+				"/usr/sbin/mwan3 ifdown *": [
+					"exec"
+				]
+			},
+			"ubus": {
+				"file": [
+					"exec"
+				]
+			}
+		}
+	},
+	"luci-app-mwan3": {
+		"description": "Grant access for luci-app-mwan3 configuration",
+		"read": {
+			"cgi-io": [
+				"exec"
+			],
 			"file": {
 				"/etc/mwan3.user": [
 					"read"
@@ -15,25 +66,7 @@
 				"/usr/bin/arping": [
 					"list"
 				],
-				"/usr/sbin/mwan3 status": [
-					"exec"
-				],
-				"/usr/sbin/mwan3 ifup *": [
-					"exec"
-				],
-				"/usr/sbin/mwan3 ifdown *": [
-					"exec"
-				],
-				"/usr/sbin/mwan3 internal ipv4": [
-					"exec"
-				],
-				"/usr/sbin/mwan3 internal ipv6": [
-					"exec"
-				],
-				"/usr/libexec/luci-mwan3 diag * *": [
-					"exec"
-				],
-				"/usr/libexec/luci-mwan3 ipset *": [
+				"/usr/libexec/luci-mwan3 ipset dump": [
 					"exec"
 				]
 			},
@@ -51,12 +84,6 @@
 			"file": {
 				"/etc/mwan3.user": [
 					"write"
-				],
-				"/usr/sbin/mwan3 ifup *": [
-					"exec"
-				],
-				"/usr/sbin/mwan3 ifdown *": [
-					"exec"
 				]
 			},
 			"uci": [