Configuring Authorization Manager


I want to configure the Authorization management using a table in my database. How to implement?

I read this post, but I did not understand.

Thank you.

According to the documentation of CDbAuthManager, you should create the table for the auth manager following the description of this file.

Once you have got the table (you are not required to create any model) you can create the role herarchy following the instruction of the definitive guide (the post you cited).

Just write a simple action in some controller with the instruction for create the herarchy, run once and then delete.

Once this is done, you can assign roles to user and check the access permission in your code.

Thank you zaccaria,

how we can assign roles to the user (I have a table called "user") and verify authorization to access ?

(Is the AuthItem table must be linked to User table?)

You don’t have to link the table.

The assign /checkAccess uses simply the username, you have to pass it as parameter:

Yii::app()->authManager->assign('admin', $user->userId);

if (!Yii::app()->authManager->checkAccess('admin', $user->userId))

    throw new Exception;

Also CWebUser has the checkaccess method, so you can check as:


what about "Access control filter" ? Should I delete functions "filters" and "AccessRule" in all controllers ?

and where we put the "Access Checking"?

You can use the function filters.

you can write rules using the access rules:

	'actions'=>array('create','update', 'delete'),


That means, that this action will be available only to user wich have been assigned the property admin

other than the restriction by action, I must make restrictions by module (eg assign a user to manage invoices and management regulations only). How could I do?

You can edit the class module name and add a check:


class AdminModule extends CWebModule


	public function init()


		// this method is called when the module is being created

		// you may place code here to customize the module or the application

		// import the module-level models and components






	public function beforeControllerAction($controller, $action)


		if(parent::beforeControllerAction($controller, $action))


			if (Yii::app()->user->isGuest)


			return true;



			return false;



Instead of Yii::app()->user->isGuest you can do Yii::app()->user->checkAccess(‘admin’), for example.