diff --git a/app/config/acl.yml b/app/config/acl.yml
index 8e36835..0c543df 100644
--- a/app/config/acl.yml
+++ b/app/config/acl.yml
@@ -8,7 +8,12 @@
 #     "allowed-zones" key. Per default a role is denied access to all zones.
 #
 #  - Resources:
-#     Resources maps directly to controller names.
+#     Resources maps directly to controller names. If a controller is not
+#     under the default module. <module>/<controller> format is used instead.
+#
+#     A special wildcard "*" character can be used to allow access to all
+#     controllers (most likely only useful for non-default modules).
+#
 #     There a 2 controllers/resources that are a bit special,
 #     index and error resources are always accessible by everyone (e.g. they
 #     are not part of the ACL).
@@ -18,10 +23,8 @@
 #
 # Zones
 #
-#   Zones defines a group of resources. for example an "backend" zone can
+#   Zones defines as 1 or more resources. for example an "backend" zone can
 #   have 2 controllers/resources (site-config, user-manager)
-#
-#   Zones might be implemented using modules later.
 
 acl:
  roles:
@@ -35,9 +38,9 @@ acl:
   admin:
     inherits: user
     description: Administrators
-  #  allowed-zones: backend
+    allowed-zones: backend
 
  zones:
   public:   [ auth, api ]
   user:     [ user, callback ]
-  #backend:  [ site, user-man ]
+  backend:  backend/*