How can I block or deny actions?

I have installed cakephp-4 authentication. I have added a role column in users table. There are three roles, ‘Super Admin’, ‘Admin’, ‘User’. Now if role is ‘user’ or regular user then he can not access /users/add. How can I do this? How can I block /users/add , /users/edit/{id} , /users/delete/{id} for regular users? These are un-authorized actions.

Checkout the authorization plugin: https://book.cakephp.org/authorization/2/en/index.html

Can you please paste example code? Or can you please give a link of youtube video about it?

Sounds like you need to create some policies and use the component. Or maybe this plugin would be helpful, either as a drop-in you can use or as inspiration for your own solution.