diff --git a/pillar/role/salt/master.sls b/pillar/role/salt/master.sls
index 9982a24..0e5f256 100644
--- a/pillar/role/salt/master.sls
+++ b/pillar/role/salt/master.sls
@@ -60,3 +60,4 @@ salt:
 syndic_user: ${'secret_salt:master:syndic_user'}
 cache.redis.unix_socket_path: ${'secret_salt:master:cache.redis.unix_socket_path'}
 cache.redis.password: ${'secret_salt:master:cache.redis.password'}
+ publisher_acl: ${'secret_salt:master:publisher_acl'}
diff --git a/salt/profile/salt/master.sls b/salt/profile/salt/master.sls
index a1ef840..92d1835 100644
--- a/salt/profile/salt/master.sls
+++ b/salt/profile/salt/master.sls
@@ -101,3 +101,15 @@ salt_redis_service_start:
 - pkg: redis
 - watch:
 - file: {{ redis_config }}
+
+{%- if pillar['secret_salt'] is defined %}
+admin_salt_membership:
+ group.present:
+ - name: salt
+ - addusers:
+ {%- for user in pillar['secret_salt']['master']['publisher_acl'] %}
+ - {{ user }}
+ {%- endfor %}
+ - require:
+ - pkg: salt-master
+{%- endif %}
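Review bot: The `- addusers:` list in `admin_salt_membership` only ever adds members, so an account later dropped from `publisher_acl` in pillar keeps its `salt` group membership, and whatever filesystem access that group carries on the master, until someone removes it by hand. If the group is meant to mirror the ACL, `- members:` would make the state authoritative, provided no other account relies on `salt` as a supplementary group. The loop also assumes every key of `publisher_acl` is a literal local username; as far as I know Salt accepts pattern-style keys for this setting, which `group.present` cannot use, so a comment such as `# publisher_acl keys must be plain local usernames` would document the constraint. Finally, the guard tests only `pillar['secret_salt']`, so a pillar without `master:publisher_acl` fails at render time; `salt['pillar.get']('secret_salt:master:publisher_acl', {})` in the `for` line avoids that.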