symfony

What is the best way to organize authorization in the form User -> Roles -> Permissions in Symfony?

Hello.
The plans are to rewrite CRM with very bad code.
It will be written in symphony, the most tricky question for me is authorization.
The requirements are as follows:
- the user cannot register or change the password himself (creates / changes only the superadmin, or the administrator for a specific role group)
- the inheritance of roles is very desirable (something from the series: the superadmin inherits absolutely all permissions of all roles, some group inherits the permissions of this group + some additional ones are already assigned to it)
- all users, roles and permissions naturally lie in the database
- the ability to configure the belonging of users to roles, and roles to permissions by admins within their subordinate role groups
- a big question, but dynamic creation of permissions is considered when creating a new section/page
Is it worth using FOSUserBundle, at first glance it is quite redundant for my task?
The same applies to the standard ACL - as far as I understand, out of the box it only works with tokens, and this leads to the Cartesian product of half of the users / roles and half of the permissions, which greatly complicates the already complicated logic.
If possible, answer in detail, justified and based on personal experience.
Thanks :)