diff --git a/dependencies.json b/dependencies.json
new file mode 100644
index 0000000000..ccb6589360
--- /dev/null
+++ b/dependencies.json
@@ -0,0 +1,11 @@
+{
+  "recipesEndpoint": "",
+  "packages": [
+    {
+      "requirement": "dev-ibx-10170-access-check as 5.0.x-dev",
+      "repositoryUrl": "https://github.com/ibexa/user",
+      "package": "ibexa/user",
+      "shouldBeAddedAsVCS": false
+    }
+  ]
+}
diff --git a/src/bundle/EventSubscriber/PerformAccessCheckSubscriber.php b/src/bundle/EventSubscriber/PerformAccessCheckSubscriber.php
deleted file mode 100644
index c3c75593fb..0000000000
--- a/src/bundle/EventSubscriber/PerformAccessCheckSubscriber.php
+++ /dev/null
@@ -1,34 +0,0 @@
-<?php
-
-/**
- * @copyright Copyright (C) Ibexa AS. All rights reserved.
- * @license For full copyright and license information view LICENSE file distributed with this source code.
- */
-declare(strict_types=1);
-
-namespace Ibexa\Bundle\AdminUi\EventSubscriber;
-
-use Ibexa\Contracts\AdminUi\Controller\Controller;
-use Symfony\Component\EventDispatcher\EventSubscriberInterface;
-use Symfony\Component\HttpKernel\Event\ControllerArgumentsEvent;
-
-/**
- * Performs access check to backoffice controllers.
- */
-final class PerformAccessCheckSubscriber implements EventSubscriberInterface
-{
-    public function onControllerArgumentsEvent(ControllerArgumentsEvent $event): void
-    {
-        $controller = $event->getController();
-        if (is_array($controller) && $controller[0] instanceof Controller) {
-            $controller[0]->performAccessCheck();
-        }
-    }
-
-    public static function getSubscribedEvents(): array
-    {
-        return [
-            ControllerArgumentsEvent::class => 'onControllerArgumentsEvent',
-        ];
-    }
-}
diff --git a/src/bundle/Resources/config/services/events.yaml b/src/bundle/Resources/config/services/events.yaml
index a9787b4e3a..28316fa85b 100644
--- a/src/bundle/Resources/config/services/events.yaml
+++ b/src/bundle/Resources/config/services/events.yaml
@@ -10,10 +10,6 @@ services:
         tags:
             - { name: kernel.event_subscriber }
 
-    Ibexa\Bundle\AdminUi\EventSubscriber\PerformAccessCheckSubscriber:
-        tags:
-            - { name: kernel.event_subscriber }
-
     Ibexa\AdminUi\EventListener\RequestListener:
         arguments:
             - '%ibexa.site_access.groups_by_site_access%'
diff --git a/src/contracts/Controller/Controller.php b/src/contracts/Controller/Controller.php
index e9ef062c95..ea2231c748 100644
--- a/src/contracts/Controller/Controller.php
+++ b/src/contracts/Controller/Controller.php
@@ -9,15 +9,14 @@
 namespace Ibexa\Contracts\AdminUi\Controller;
 
 use Ibexa\Contracts\Core\Repository\Values\Content\Location;
+use Ibexa\Contracts\User\Controller\AuthenticatedRememberedCheckTrait;
+use Ibexa\Contracts\User\Controller\RestrictedControllerInterface;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\RedirectResponse;
 
-abstract class Controller extends AbstractController
+abstract class Controller extends AbstractController implements RestrictedControllerInterface
 {
-    public function performAccessCheck(): void
-    {
-        $this->denyAccessUnlessGranted('IS_AUTHENTICATED_REMEMBERED');
-    }
+    use AuthenticatedRememberedCheckTrait;
 
     public function redirectToLocation(Location $location, string $uriFragment = ''): RedirectResponse
     {