diff --git a/container/service.proto b/container/service.proto
index 7df2c66..b174052 100644
--- a/container/service.proto
+++ b/container/service.proto
@@ -27,6 +27,12 @@ service Service {
 
     // List returns all user's containers
     rpc List(ListRequest) returns (ListResponse);
+
+    // SetExtendedACL changes extended ACL rules of the container
+    rpc SetExtendedACL(SetExtendedACLRequest) returns (SetExtendedACLResponse);
+
+    // GetExtendedACL returns extended ACL rules of the container
+    rpc GetExtendedACL(GetExtendedACLRequest) returns (GetExtendedACLResponse);
 }
 
 message PutRequest {
@@ -99,3 +105,42 @@ message ListResponse {
     // CID (container id) is list of SHA256 hashes of the container structures
     repeated bytes CID = 1 [(gogoproto.customtype) = "CID", (gogoproto.nullable) = false];
 }
+
+message ExtendedACLKey {
+    // ID (container id) is a SHA256 hash of the container structure
+    bytes ID = 1 [(gogoproto.customtype) = "CID", (gogoproto.nullable) = false];
+}
+
+message ExtendedACLValue {
+    // EACL carries binary representation of the table of extended ACL rules
+    bytes EACL      = 1;
+    // Signature carries EACL field signature
+    bytes Signature = 2;
+}
+
+message SetExtendedACLRequest {
+    // Key carries key to extended ACL information
+    ExtendedACLKey Key                       = 1 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+    // Value carries extended ACL information
+    ExtendedACLValue Value                   = 2 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+    // RequestMetaHeader contains information about request meta headers (should be embedded into message)
+    service.RequestMetaHeader Meta           = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+    // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
+    service.RequestVerificationHeader Verify = 99 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+}
+
+message SetExtendedACLResponse {}
+
+message GetExtendedACLRequest {
+    // Key carries key to extended ACL information
+    ExtendedACLKey Key                       = 1 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+    // RequestMetaHeader contains information about request meta headers (should be embedded into message)
+    service.RequestMetaHeader Meta           = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+    // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
+    service.RequestVerificationHeader Verify = 99 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+}
+
+message GetExtendedACLResponse {
+    // ACL carries extended ACL information
+    ExtendedACLValue ACL = 1 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+}
diff --git a/proto-docs/container.md b/proto-docs/container.md
index f0188ca..fd89acd 100644
--- a/proto-docs/container.md
+++ b/proto-docs/container.md
@@ -10,12 +10,18 @@
   - Messages
     - [DeleteRequest](#container.DeleteRequest)
     - [DeleteResponse](#container.DeleteResponse)
+    - [ExtendedACLKey](#container.ExtendedACLKey)
+    - [ExtendedACLValue](#container.ExtendedACLValue)
+    - [GetExtendedACLRequest](#container.GetExtendedACLRequest)
+    - [GetExtendedACLResponse](#container.GetExtendedACLResponse)
     - [GetRequest](#container.GetRequest)
     - [GetResponse](#container.GetResponse)
     - [ListRequest](#container.ListRequest)
     - [ListResponse](#container.ListResponse)
     - [PutRequest](#container.PutRequest)
     - [PutResponse](#container.PutResponse)
+    - [SetExtendedACLRequest](#container.SetExtendedACLRequest)
+    - [SetExtendedACLResponse](#container.SetExtendedACLResponse)
     
 
 - [container/types.proto](#container/types.proto)
@@ -46,6 +52,8 @@ rpc Put(PutRequest) returns (PutResponse);
 rpc Delete(DeleteRequest) returns (DeleteResponse);
 rpc Get(GetRequest) returns (GetResponse);
 rpc List(ListRequest) returns (ListResponse);
+rpc SetExtendedACL(SetExtendedACLRequest) returns (SetExtendedACLResponse);
+rpc GetExtendedACL(GetExtendedACLRequest) returns (GetExtendedACLResponse);
 
 ```
 
@@ -80,6 +88,20 @@ List returns all user's containers
 | Name | Input | Output |
 | ---- | ----- | ------ |
 | List | [ListRequest](#container.ListRequest) | [ListResponse](#container.ListResponse) |
+#### Method SetExtendedACL
+
+SetExtendedACL changes extended ACL rules of the container
+
+| Name | Input | Output |
+| ---- | ----- | ------ |
+| SetExtendedACL | [SetExtendedACLRequest](#container.SetExtendedACLRequest) | [SetExtendedACLResponse](#container.SetExtendedACLResponse) |
+#### Method GetExtendedACL
+
+GetExtendedACL returns extended ACL rules of the container
+
+| Name | Input | Output |
+| ---- | ----- | ------ |
+| GetExtendedACL | [GetExtendedACLRequest](#container.GetExtendedACLRequest) | [GetExtendedACLResponse](#container.GetExtendedACLResponse) |
  <!-- end services -->
 
 
@@ -104,6 +126,53 @@ via consensus in inner ring nodes
 
 
 
+<a name="container.ExtendedACLKey"></a>
+
+### Message ExtendedACLKey
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| ID | [bytes](#bytes) |  | ID (container id) is a SHA256 hash of the container structure |
+
+
+<a name="container.ExtendedACLValue"></a>
+
+### Message ExtendedACLValue
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| EACL | [bytes](#bytes) |  | EACL carries binary representation of the table of extended ACL rules |
+| Signature | [bytes](#bytes) |  | Signature carries EACL field signature |
+
+
+<a name="container.GetExtendedACLRequest"></a>
+
+### Message GetExtendedACLRequest
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Key | [ExtendedACLKey](#container.ExtendedACLKey) |  | Key carries key to extended ACL information |
+| Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
+| Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
+
+
+<a name="container.GetExtendedACLResponse"></a>
+
+### Message GetExtendedACLResponse
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| ACL | [ExtendedACLValue](#container.ExtendedACLValue) |  | ACL carries extended ACL information |
+
+
 <a name="container.GetRequest"></a>
 
 ### Message GetRequest
@@ -179,6 +248,27 @@ via consensus in inner ring nodes
 | ----- | ---- | ----- | ----------- |
 | CID | [bytes](#bytes) |  | CID (container id) is a SHA256 hash of the container structure |
 
+
+<a name="container.SetExtendedACLRequest"></a>
+
+### Message SetExtendedACLRequest
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Key | [ExtendedACLKey](#container.ExtendedACLKey) |  | Key carries key to extended ACL information |
+| Value | [ExtendedACLValue](#container.ExtendedACLValue) |  | Value carries extended ACL information |
+| Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
+| Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
+
+
+<a name="container.SetExtendedACLResponse"></a>
+
+### Message SetExtendedACLResponse
+
+
+
  <!-- end messages -->
 
  <!-- end enums -->