I've removed the first part of my reply, because there's more to it then just editing the acl's unfortunately. The method provided, is a far better approach and is within the intended use of the acls.
A quick search yields -->openwrt-luci-how-to-implement-limited-user-access
If you'd like to create multiple OpenWRT Luci users with varying access, you can following these steps:
Create a local user account
Add the user to the RCP configuration and define access level
See sample excerpt from /etc/config/rpcd config below:
config login
option username 'adminuser'
option password '$p$adminuser'
list read '*'
list write '*'
config login
option username 'readonlyuser'
option password '$p$readonlyuser'
list read '*'
This also works if you're obtaining an authentication token for JSON-RPC calls to Luci.
Haven't tested it myself, but from what I can recall from way back when I was maintaining the luci-multi-user pkg, this would be a better method. You'll have to do some digging and or confirm this yourself...
i posted the wrong link. The complete solution was posted here --> solved-luci-add-support-user-in-addition-to-root