Yii 1.1: singledbauthmanager

An extended CDbAuthManager class that makes only 3 database queries for each client request

Short summary: it does same thing with the DB as CPhpAuthManager with the file - instead of constantly reading from it, it reads it whole into the memory once.

When traversing the auth item tree (graph), CDbAuthManager often fetches items in separate queries. This is especially true in case of checkAccess, which runs in a recursion. Another example is fetching all auth items in some auth managment module.

This extension intends to reduce the total number of queries. It provides an overloaded CDbAuthManager class that will make only 3 database queries for each client request. It fetches whole contents of auth items, children and assignment tables into a tree structure stored in the class.

This structure is updated along calling modification methods like 'assign', 'createAuthItem' etc.

Usage scenarios

Let's define a few parameters:

  • auth items graph width - number of item groups, ex. four items (CRUD) for each model in application
  • auth items graph height - usual number of items to traverse when checking access, ex. read anything -> read Posts -> read own Posts -> user assignment

Speed up checkAccess

Checking access requires recursive upward traversing of the auth graph. If the usual number of elements is not too great, the benefit of traversing a PHP array instead of fetching each item in a distinct query will not be too noticable.

But combined with checking access for a number of models on a single page would make it matter.

Best if combined with checkAccess implementation that caches results, like in the auth module

After checkAccess results are cached, even when refreshing the page the whole items graph will not be loaded, because checkAccess will not fetch any items.

Reading assignments for all users, not only the current one, shouldn't generate too much overhead.

Speed up auth module

This is one use case where all auth items are read from the database.

Loading all of them in a single query is an obvious performance increase.

Other notes

Caching the whole items structure is not needed in normal usage scenarios when using checkAccess caching as in the auth module.


  • PHP >= 5.3


Drop the class file into components.

Add in config file:

'authManager' => array(
    'class' =>'SingleDbAuthManager',
    // .. rest of your old options

When using along the auth module add this import at the top of the file and change base class, like:

/** .... */
class SingleDbAuthManager extends CachedDbAuthManager
    // ...


Please post bugs to:

Total 3 comments

#11768 report it
nineinchnick at 2013/02/02 11:30am

In current state this would help only when fetching all items, like the auth module does.

Fetching and processing all items creates an overhead. It could be cached in session, but this still leaves overhead in serializing/deserializing.

I'm thinking of adding a mode when checkAccess would fetch an auth item and some of it's parents, like 2 or 3 generations. Or maybe start from user assignments and go down. I need to build some benchmarks to test it.

#11767 report it
acorncom at 2013/02/02 10:57am
Saves on database queries

I imagine it's because the normal RBAC DB queries are fairly inefficient. This would limit the number of hits to the DB needed

#11766 report it
realtebo at 2013/02/02 10:03am
Can add an explanation / motivation ?

What is the reason to use this extension ?

It's not a sarcastic question... probably i'm not able to understand the goal.

What's the advantage using this approach?

Leave a comment

Please to leave your comment.

Create extension