For those who feel, the Controller->accessRules() or RBAC (Role-Based Access Control) is too complicated or doesn't want the username(s) to be hard-coded in accessRules(), here is a very simple, easy-to-implement solution.
Yii Framework Wiki
Wiki articles tagged with "accessRules"
Showing 1-2 of 2 items.
Configuring controller access rules to default-deny
Starting with the blog tutorial, Yii developers are familiar with the notion of access rules defined in the controller, where the actions are allowed or denied depending on the user's name or role.
class CommentController extends CController {
public function filters()
{
return array( 'accessControl' ); // perform access control for CRUD operations
}