Access Control/security Approach

Just wondering if this is a flaw in my application. For controller access rules I use something like this:

array(  'allow',  



	'expression'=>'in_array($user->type, AuthTypes::$internalTypes))',


and the same kind of thing for visible menu options:



   'visible'=>in_array(Yii::app()->user->type, AuthTypes::$clientTypes)



with the types being defined like:

class AuthTypes extends CActiveRecord


     public static $internalTypes = array(1,2,3,10);

     public static $clientTypes = array(4,7,9);



Is there any problem with this? It’s worked so far, and seems pretty scalable to me, but what do you think?