id() == RoleInterface::ANONYMOUS_ID || $entity->id() == RoleInterface::AUTHENTICATED_ID) { return AccessResult::forbidden(); } default: return parent::checkAccess($entity, $operation, $account); } } }