Symfony uses a very flexible voter approach to grant access for a user. As this is often based on domain-specific requirements and decisions, the voters that come with Symfony are very basic. I would even argue that it’s better if you not use them, and only rely on custom security voters.