public function checkAcl(MvcEvent $e) { $route = $e->getRouteMatch()->getMatchedRouteName(); //you set your role $userRole = SessionManager::getRol(); if ($route == 'auth') { return; } if ($e->getViewModel()->acl->isAllowed($userRole, $route)) { return; } else { $response = $e->getResponse(); //location to page or what ever $response->getHeaders()->addHeaderLine('Location', $e->getRequest()->getBaseUrl() . '/404'); $response->setStatusCode(404); } }