1
votes

I integrated the Sonata Admin Bundle with ACL, and have the following configs:

config.yml

sonata_admin:
    security:
        handler: sonata.admin.security.handler.acl

        # acl security information
        information:
            GUEST:      [VIEW, LIST]
            MAINTAINER: [EDIT, LIST]
            STAFF:      [EDIT, LIST, CREATE]
            EDITOR:     [OPERATOR, EXPORT]
            ADMIN:      [MASTER]

        # permissions not related to an object instance and also to be available when objects do not exist
        # the DELETE admin permission means the user is allowed to batch delete objects
        admin_permissions: [CREATE, LIST, DELETE, UNDELETE, EXPORT, OPERATOR, MASTER]

        # permission related to the objects
        object_permissions: [VIEW, EDIT, DELETE, UNDELETE, OPERATOR, MASTER, OWNER]

security.yml

security:
    role_hierarchy:
        ROLE_OPERATOR:
            - ROLE_ADMIN_BOOKING_ADMIN
            - ROLE_ADMIN_PAYMENT_ADMIN

The flow is: we create a booking object via the BookingAdmin class, and in a postPersist Doctrine event listener I create the Payment object.

$payment = new Payment();
//... set here
$this->entityManager->persist($payment);
$this->entityManager->flush();

The problem is that in the list I'm not able to see the edit button, but I can delete.

And when I manually run the command:

php bin/console sonata:admin:generate-object-acl

after that I'm able to see the edit button.

What am I doing wrong here? Because I'm logged in with the same user.

EDIT

After some research I found the following problem: https://sonata-project.org/bundles/admin/2-3/doc/reference/security.html#acl-and-friendsofsymfony-userbundle

A listener must be implemented that creates the object Access Control List with the required rules if objects are created outside the Admin

What does this mean, and what should I do in the listener to get the correct ACL role?

1 Answers

0
votes

I think you didn't specify your allowed actions in enough detail ... you only point to the admin with e.g. "ROLE_ADMIN_BOOKING_ADMIN" ... following the documentation, the config should be "ROLE_ADMIN_BOOKING_ADMIN_EDIT", for example, to allow this role to edit your admin ... write "ROLE_ADMIN_BOOKING_ADMIN_ALL" to allow editing everything ...
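As an added example (not code from the question, the answer or the Sonata project), this is one way to write the step the documentation sentence quoted in the question asks for: building the object ACL for a Payment that was persisted outside its Admin. The namespace, the class name ObjectAclCreator and the method createFor are hypothetical, and the service ids in the comments are assumptions that depend on the installed Sonata and Symfony versions.

```php
<?php
// Added example, not code from the question or from Sonata itself.
namespace App\Security; // hypothetical namespace

use Sonata\AdminBundle\Admin\AdminInterface;
use Sonata\AdminBundle\Security\Handler\AclSecurityHandlerInterface;
use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
use Symfony\Component\Security\Acl\Domain\UserSecurityIdentity;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\User\UserInterface;

class ObjectAclCreator // hypothetical service name
{
    private $handler;
    private $tokenStorage;

    public function __construct(AclSecurityHandlerInterface $handler, TokenStorageInterface $tokenStorage)
    {
        $this->handler = $handler;           // assumed service id: sonata.admin.security.handler.acl
        $this->tokenStorage = $tokenStorage; // assumed service id: security.token_storage
    }

    /** Call after flush(): the object identity is built from the generated id. */
    public function createFor(AdminInterface $admin, $object)
    {
        $identity = ObjectIdentity::fromDomainObject($object);
        $acl = $this->handler->getObjectAcl($identity) ?: $this->handler->createAcl($identity);

        // Class-scope ACEs for the per-admin roles derived from
        // sonata_admin.security.information (GUEST, STAFF, EDITOR, ADMIN, ...).
        $this->handler->addObjectClassAces($acl, $this->handler->buildSecurityInformation($admin));

        // OWNER goes to the logged-in user only; with no user token (console
        // command, anonymous request) nobody is made owner implicitly.
        $token = $this->tokenStorage->getToken();
        if ($token !== null && $token->getUser() instanceof UserInterface) {
            $this->handler->addObjectOwner($acl, UserSecurityIdentity::fromAccount($token->getUser()));
        }

        $this->handler->updateAcl($acl);
    }
}
// In the booking listener, after $this->entityManager->flush():
//   $this->aclCreator->createFor($this->paymentAdmin, $payment);
```

Inject the Payment admin service as `$this->paymentAdmin` so the role names are built from that admin's code rather than from the Booking admin's.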