Authorization Question/Design

I'm creating a web application that has a somewhat complex authorization scheme.  I'm curious if anybody knows whether Yii can handle what I need:

[list type=decimal]

[*]Users can register with the site

[*]A user can belong to one or more organizations

[*]Each organization has its own private data that is not shared among organizations

[*]A user can have different permissions per organization.  In one organization they can be an admin but in another maybe only a volunteer


This will be something like a CRM where organizations can each manage who accesses their data and what permissons each user has. 

Is there a way I can store/retrieve a user's permissions per organization and utilize the existing Yii auth system?

You would probably need to create your own auth system or at least extend the current one

You’re looking for the Yii Groundwork.…ork/tree/master

Features a database powered RBAC. No GUI interface but it supports permissions per-group and group membership which sounds like exactly what you need.