some kind of basic api, maybe based on annotations. which we can use for access control, for example, i add something like - deny("admin") - before some action in controller and it makes him prohibited for role admin. something like this