CakeDC Users Plugin does not read permissions.php

i’m trying to make use of the cakeDC Users-Plugin 8.5.1 in a cakephp 3.8 but all i get is a message ‘you are not allowed to access that location’. I 'm using simple RBAC followed the instruction according the documentation on github. it seems the config/permissions.php is not read because when i write some bad syntax in this file nothing changes - no error messages. instead same behavior ‘you are not allowed …’

Here is what i did:
i used composer to install the plugin.
Since i use cakephp 3.8 the plugin is added in Application.php. At this point the documentation is not clear. There are two variants:




is the order relevant?

In the AppController.php initialize() i inserted

$config['Auth']['authorize']['Users.SimpleRbac'] = [
        //autoload permissions.php
        'autoload_config' => 'permissions',
        //role field in the Users table
        'role_field' => 'role',
        //default role, used in new users registered and also as role matcher when no role is available
        'default_role' => 'user',
         * This is a quick roles-permissions implementation
         * Rules are evaluated top-down, first matching rule will apply
         * Each line define
         *      [
         *          'role' => 'admin',
         *          'plugin', (optional, default = null)
         *          'controller',
         *          'action',
         *          'allowed' (optional, default = true)
         *      ]
         * You could use '*' to match anything
         * Suggestion: put your rules into a specific config file
        'permissions' => [], 
        $this->loadComponent('CakeDC/Users.UsersAuth', $config);

For the users table i have my own uprofiles table which contain the columns the plugin needs.
So in my UprofilesController.php i added the code to use the traits which come with the plugin.

In the config/users.php i changes the name of the table to ‘uprofiles’ and the name of the controller to ‘Uprofiles’.
The Auth part in the users.php is

  'Auth' => [
        'loginAction' => [
            'plugin' => 'CakeDC/Users',
            'controller' => 'Users',
            'action' => 'login',
            'prefix' => false
        'authenticate' => [
            'all' => [
                'finder' => 'auth',
        'authorize' => [

What is wrong ? Can someone help me?
I also tried to setup a superuser with the bake tool. That didn’t work. Or is that tool only for the plugins standard users table?

Thank you for help