controller action access control

esp · October 17, 2016, 8:27am

Hello,

I have a issue I don’t know how to resolve.

I have some controllers and actions I want to give access to specific users.

For example one secretary needs access to reports however the other not. On the contrary the second one needs access to deleting customers while the first one shouldn’t. There are a lot of rules like that in my project but there is no pattern in these cases, so RBAC is rather not an option.

Has anyone of you run into such issue?

Thank you for response

dimis283 · October 17, 2016, 9:53am

Did you looked at this? http://www.yiiframework.com/wiki/771/rbac-super-simple-with-admin-and-user/

softark · October 17, 2016, 10:00am

RBAC IS the option in your case. Just analyze your business demands in a finer-grained level and construct the RBAC hierarchy accordingly.