I'm currently developing a web application, that provides some 'service' to the user. The user will have to select a 'plan' according to which she/he will be allowed to perform application specific actions but up to a limit defined by the plan.
A Plan will also limit access to certain features, which will not be available at all for some plans.

As an example : say there are 3 plans, 2 actions throughout the application

• users in plan-1 can perform action-1 3 times, and they can't perform action-2 at all
• users in plan-2 can perform action-1 10 times, action-2 5 times
• users in plan-3 can perform action-1 20 times, action-2 10 times

So i'm looking for the best way to get this done, and my main concerns besides implementing it, are the following(in no particular order)

• maintainability/changeability : the number of plans, and type of features/actions will change in the final product
• industry standard/best practice : for future readiness!!
• efficiency : ofcourse, i want fast code!!

I have never done anything like this before, so i have no clue about how do i go about implementing these functionalities. Any tips/guides/patterns/resources/examples?
I did read a little about ACL, RBAC, are they the patterns that i need to follow?
Really any sort of feedback will help.