Simple RBAC

If you need simple role-based access control without the long RBAC process, then this article is for you. Let's jump to the point.

In your user table, make a column named 'roles'.

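When you add users, you can assign them different roles such as 'Admin', 'User', 'Staff', etc. The stored value must match exactly the string compared in the role check functions, because the comparison is case-sensitive.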

In your UserIdentity.php file, write something like:

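class UserIdentity extends CUserIdentity {
    private $id;
    public function authenticate() {
        $record=User::model()->findByAttributes(array('username'=>$this->username)); // assumed: User model with username, password, roles columns
        if($record===null)
            $this->errorCode=self::ERROR_USERNAME_INVALID;
        else if($record->password!==md5($this->password)) // unsalted MD5 as in the original; prefer password_hash()/password_verify()
            $this->errorCode=self::ERROR_PASSWORD_INVALID;
        else {
            $this->id=$record->id;
            $this->setState('roles', $record->roles); // copy the role into the session
            $this->errorCode=self::ERROR_NONE;
        }
        return !$this->errorCode;
    }
    public function getId(){ return $this->id; }
}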

The important line is $this->setState('roles', $record->roles);

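This stores the user's role in their session. Because the role is copied at login, a later change to the 'roles' column takes effect only when the user logs in again.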

Now create a Utils.php file under the protected/components directory and implement a simple role check function for each role you have.


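class Utils{
	// Declared static because the checks are called as Utils::isAdmin() / Utils::isUser().
	public static function isAdmin(){
		if(Yii::app()->user->isGuest) // guests have no 'roles' state
			return false;
		else if(Yii::app()->user->roles === 'Admin')
			return true;
		else
			return false;
	}
	public static function isUser(){
		if(Yii::app()->user->isGuest)
			return false;
		else if(Yii::app()->user->roles === 'User')
			return true;
		else
			return false;
	}
}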


And now, in your controller's accessRules() function, try something like:

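public function accessRules()
{
	return array(
		array('allow', 'expression'=>'Utils::isAdmin()'),  // allow only the Admin role
		array('deny', 'users'=>array('*')),  // deny all users
	);
}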

Here I protect my AdminController.php from roles other than Admin. The accessRules() function in AdminController.php checks the user's role using the functions written in Utils.php.

You can also use just one menu for all users, showing items according to role. For example:

<?php $this->widget('zii.widgets.CMenu',array(
			'items'=>array(
				array('label'=>'Users', 'url'=>array('/manageUser/admin'), 'visible'=>Utils::isAdmin()),
				array('label'=>'Ideas', 'url'=>array('/manageIdea/admin'), 'visible'=>Utils::isAdmin()),
				array('label'=>'Page Editor', 'url'=>array('/admin/pageeditor'), 'visible'=>Utils::isAdmin()),
				array('label'=>'Your Ideas', 'url'=>array('/userarea/ideaList'), 'visible'=>Utils::isUser()),
				array('label'=>'Add new idea', 'url'=>array('/userarea/create'), 'visible'=>Utils::isUser()),
				array('label'=>'Login', 'url'=>array('/site/login'), 'visible'=>Yii::app()->user->isGuest),
				array('label'=>'Logout ('.Yii::app()->user->name.')', 'url'=>array('/site/logout'), 'visible'=>!Yii::app()->user->isGuest)
			),
		)); ?>
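The 'visible' flags only hide links; each route still needs its own accessRules() check on the server. The following is an added example, not part of the original article: it generalizes the per-role functions into one helper and applies it to the user-area routes from the menu. It assumes a Yii 1.1 application; the names RoleCheck and UserareaController are hypothetical (the controller name is inferred from the '/userarea/...' routes).

```php
<?php
// Added example, not from the original article. Assumes Yii 1.1 and the
// 'roles' session state set by UserIdentity::authenticate().

// protected/components/RoleCheck.php (hypothetical name)
class RoleCheck
{
    /**
     * True when the logged-in user's role is one of $allowed.
     * Guests never match; the comparison is strict and case-sensitive.
     */
    public static function hasRole(array $allowed)
    {
        $user = Yii::app()->user;
        if ($user->isGuest || !$user->hasState('roles'))
            return false;
        return in_array($user->getState('roles'), $allowed, true);
    }
}

// protected/controllers/UserareaController.php (hypothetical name)
class UserareaController extends CController
{
    public function filters()
    {
        // Without this filter accessRules() is never evaluated.
        return array('accessControl');
    }

    public function accessRules()
    {
        return array(
            array('allow',
                'actions'=>array('ideaList', 'create'),
                // More roles can be listed in the array if needed.
                'expression'=>'RoleCheck::hasRole(array("User"))',
            ),
            // Rules are checked in order and a request that matches no
            // rule is allowed, so finish with an explicit deny.
            array('deny', 'users'=>array('*')),
        );
    }
}
```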

I hope this little code will help you.
