I prefer more phalcon ACL which is already very good and you can use it very extensive for manging many roles, permissions etc and what exactly they can do. From Phalcon 3 you can use objects in phalcon acl and have extend logic which is great. But always nice to have something new.
@Woiciech yeah also Phalcon ACL is not bad at all! But this package aims to create all the annoying boilerplate (database migrations, models, methods to add/remove roles and permissions) needed to make it dynamical. I have a project for example where I use boh, Phalcon ACL to limit public/private routes and Confer to manage user roles/permissions.
One could even easily setup Phalcon ACL Roles and Permissions using Confer. Just retrieving the Roles and Permissions and then setting the ACL up. They absolutely do not exclude one another :)