@Andrew Clarke & Nikolaos Dimopoulos
Thank for your help !
I mentioned in my question before , I found ACL in official documents.
I just wonder does Phalcon support RBAC ( Role-based Access Contron) belong to ACL ( access control list) ?
In my app, belong to Roles ( user, manager, admin), I have another business roles ( Ex: manager, developer, designer ... on specific project)
Vokuro is also great ! But we have only roles with system's resources.
Anyway, I will try to implement business rules with ACL.