diff --git a/cdist/conf/type/__acl/explorer/checks b/cdist/conf/type/__acl/explorer/checks
index 5b379a08..70bb0412 100755
--- a/cdist/conf/type/__acl/explorer/checks
+++ b/cdist/conf/type/__acl/explorer/checks
@@ -20,17 +20,20 @@
 
 # TODO check if filesystem has ACL turned on etc
 
-grep -E '^(default:)?(user|group):' "$__object/parameter/acl" \
-| while read -r acl
-do
-    param="$( echo "$acl" | awk -F: '{print $(NF-2)}' )"
-    check="$( echo "$acl" | awk -F: '{print $(NF-1)}' )"
+if [ -f "$__object/parameter/acl" ]
+then
+    grep -E '^(default:)?(user|group):' "$__object/parameter/acl" \
+    | while read -r acl
+    do
+        param="$( echo "$acl" | awk -F: '{print $(NF-2)}' )"
+        check="$( echo "$acl" | awk -F: '{print $(NF-1)}' )"
 
-    [ "$param" = 'user' ] && db=passwd || db="$param"
+        [ "$param" = 'user' ] && db=passwd || db="$param"
 
-    if ! getent "$db" "$check" > /dev/null
-    then
-        echo "missing $param '$check'" >&2
-        exit 1
-    fi
-done
+        if ! getent "$db" "$check" > /dev/null
+        then
+            echo "missing $param '$check'" >&2
+            exit 1
+        fi
+    done
+fi
diff --git a/cdist/conf/type/__acl/gencode-remote b/cdist/conf/type/__acl/gencode-remote
index 3c7085f0..6dab4d09 100755
--- a/cdist/conf/type/__acl/gencode-remote
+++ b/cdist/conf/type/__acl/gencode-remote
@@ -28,7 +28,27 @@ acl_path="/$__object_id"
 
 acl_is="$( cat "$__object/explorer/acl_is" )"
 
-acl_should="$( cat "$__object/parameter/acl" )"
+if [ -f "$__object/parameter/acl" ]
+then
+    acl_should="$( cat "$__object/parameter/acl" )"
+elif
+    [ -f "$__object/parameter/user" ] \
+        || [ -f "$__object/parameter/group" ] \
+        || [ -f "$__object/parameter/mask" ] \
+        || [ -f "$__object/parameter/other" ]
+then
+    acl_should="$( for param in user group mask other
+    do
+        [ ! -f "$__object/parameter/$param" ] && continue
+
+        echo "$param" | grep -Eq 'mask|other' && sep=:: || sep=:
+
+        echo "$param$sep$( cat "$__object/parameter/$param" )"
+    done )"
+else
+    echo 'no parameters set' >&2
+    exit 1
+fi
 
 if [ -f "$__object/parameter/default" ]
 then
diff --git a/cdist/conf/type/__acl/man.rst b/cdist/conf/type/__acl/man.rst
index a71e0d3c..85e946ce 100644
--- a/cdist/conf/type/__acl/man.rst
+++ b/cdist/conf/type/__acl/man.rst
@@ -34,6 +34,12 @@ remove
    ``mask`` and ``other`` entries can't be removed, but only changed.
 
 
+DEPRECATED PARAMETERS
+---------------------
+Parameters ``user``, ``group``, ``mask`` and ``other`` are deprecated and they
+will be removed in future versions. Please use ``acl`` parameter instead.
+
+
 EXAMPLES
 --------
 
diff --git a/cdist/conf/type/__acl/parameter/optional b/cdist/conf/type/__acl/parameter/optional
new file mode 100644
index 00000000..4b32086b
--- /dev/null
+++ b/cdist/conf/type/__acl/parameter/optional
@@ -0,0 +1,2 @@
+mask
+other
diff --git a/cdist/conf/type/__acl/parameter/optional_multiple b/cdist/conf/type/__acl/parameter/optional_multiple
new file mode 100644
index 00000000..95c25d55
--- /dev/null
+++ b/cdist/conf/type/__acl/parameter/optional_multiple
@@ -0,0 +1,3 @@
+acl
+user
+group
diff --git a/cdist/conf/type/__acl/parameter/required_multiple b/cdist/conf/type/__acl/parameter/required_multiple
deleted file mode 100644
index 39fead3b..00000000
--- a/cdist/conf/type/__acl/parameter/required_multiple
+++ /dev/null
@@ -1 +0,0 @@
-acl