difference between access control and role based access control

I have read about access control and role-based access control in the book "Agile Web Application Development with Yii1.1 and PHP5" and I am unable to get the difference between these.

So can anyone please help me out of this problem…

Generally, you can control and limit users' access to any action in a controller via the filters and accessRules functions:





    /**
     * @return array action filters
     */
    public function filters() {
        return array(
            'accessControl', // perform access control for CRUD operations
        );
    }

    /**
     * Specifies the access control rules.
     * This method is used by the 'accessControl' filter.
     * @return array access control rules
     */
    public function accessRules() {
        return array(
            // any user holding the 'Operator' role may modify records
            array('allow',
                'actions' => array('create', 'update', 'admin', 'delete'),
                'roles' => array('Operator',),
            ),
            // only the user named 'username_1' may list and view records
            array('allow',
                'actions' => array('index', 'view'),
                'users' => array('username_1',),
            ),
            // rules are matched in order and an unmatched request is allowed,
            // so deny everyone else explicitly
            array('deny',
                'users' => array('*'),
            ),
        );
    }



As you can see in my example, the array returned by accessRules gives access to the ‘create’, ‘update’, ‘admin’ and ‘delete’ actions to any user with role = ‘Operator’; many users could have this role. But in the second part we give access to the ‘index’ and ‘view’ actions only to the user with username = username_1.

I hope you can understand the differentiation.

Thank you very much.

And I also have a problem with RBAC: I have generated the hierarchy with the

">>rbac"

command, and I want to give permissions like Super admin (all the accessibility), admin (create, view), user (view), but I was unable to do so.

So could you please help me out of this problem?

To use RBAC you should follow these simple instructions:

  1. Define a role for each user; for example, create a field called ‘role’ in your user table in the database, with a suitable value for each user: SuperAdmin, Admin or User.

  2. Next, you should add these lines to your user identity class:





$auth = Yii::app()->authManager;
if (!$auth->isAssigned($user->role, $this->_id)) {
    if ($auth->assign($user->role, $this->_id)) {
        Yii::app()->authManager->save();
    }
}



To understand exactly what I say, you can see a copy of my UserIdentity class:





<?php

/**
 * UserIdentity represents the data needed to identify a user.
 * It contains the authentication method that checks if the provided
 * data can identify the user.
 */
class UserIdentity extends CUserIdentity {

    // Need to store the user's ID:
    private $_id;
    private $_name;
    private $_username;
    private $_securityKey;
    const ERROR_STATUS_LOCKED = 3;

    /**
     * Authenticates a user against the Users table and, on success,
     * assigns the RBAC role stored in the user's 'role' column.
     * @return boolean whether authentication succeeds.
     */
    public function authenticate() {
        $user = Users::model()->findByAttributes(array('username' => $this->username));
        if ($user === null)
            $this->errorCode = self::ERROR_USERNAME_INVALID;
        // NOTE: salted MD5 is a weak password hash; it is kept here because it must
        // match the stored values. CPasswordHelper (Yii 1.1.14+) is the stronger option.
        else if ($user->password !== md5($this->password . Yii::app()->params['saltString']))
            $this->errorCode = self::ERROR_PASSWORD_INVALID;
        else if ($user->status === 'locked')
            $this->errorCode = self::ERROR_STATUS_LOCKED;
        else {
            $this->_id = $user->id;
            $this->_name = $user->name;
            $this->_username = $this->username;

            // assign the user's role in the auth manager if it is not assigned yet
            $auth = Yii::app()->authManager;
            if (!$auth->isAssigned($user->role, $this->_id)) {
                if ($auth->assign($user->role, $this->_id)) {
                    Yii::app()->authManager->save();
                }
            }

            $this->errorCode = self::ERROR_NONE;

            // 32 hex characters from a CSPRNG (needs the openssl extension);
            // md5(rand(1, 10000)) could only ever take 10,000 different values
            $this->_securityKey = bin2hex(openssl_random_pseudo_bytes(16));

            $this->_secureLogin();

            $this->setState('securityKey', $this->_securityKey);
        }
        return !$this->errorCode;
    }

    public function getId() {
        return $this->_id;
    }

    public function getName() {
        return $this->_name;
    }

    public function getUsername() {
        return $this->_username;
    }

    // records the time, IP address and security key of this login on the user row
    protected function _secureLogin() {
        $user = Users::model()->findByPk($this->_id);
        $user->last_visit = time();
        $user->last_ip = ip2long(Yii::app()->request->getUserHostAddress());
        $user->security_key = $this->_securityKey;
        $user->save();
    }

}



Please feel free to ask any other questions, if you have any :)
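
One way to build the hierarchy asked about above (SuperAdmin: everything, Admin: create and view, User: view) with the Yii 1.1 auth manager, as an added example that is not code from either poster. It assumes an authManager component (CDbAuthManager or CPhpAuthManager) is configured for the console application; the class name `RbacSetupCommand` and the four operation names are hypothetical, and the role names match the ‘role’ column values suggested in step 1.

```php
<?php
// Added example, not from the thread. RbacSetupCommand and the *Item
// operation names are hypothetical; the role names follow step 1 above.
class RbacSetupCommand extends CConsoleCommand
{
    public function run($args)
    {
        $auth = Yii::app()->authManager;

        // Operations are the atomic permissions that roles are built from.
        $operations = array(
            'viewItem'   => 'view a record',
            'createItem' => 'create a record',
            'updateItem' => 'update a record',
            'deleteItem' => 'delete a record',
        );
        foreach ($operations as $name => $description) {
            if ($auth->getAuthItem($name) === null) {
                $auth->createOperation($name, $description);
            }
        }

        // Each role lists the items it inherits. Lower roles come first so
        // that a higher role can take them as children.
        $roles = array(
            'User'       => array('viewItem'),
            'Admin'      => array('User', 'createItem'),
            'SuperAdmin' => array('Admin', 'updateItem', 'deleteItem'),
        );
        foreach ($roles as $roleName => $children) {
            $role = $auth->getAuthItem($roleName);
            if ($role === null) {
                $role = $auth->createRole($roleName);
            }
            foreach ($children as $child) {
                if (!$role->hasChild($child)) { // keeps the command safe to re-run
                    $role->addChild($child);
                }
            }
        }

        // Writes the items to file for CPhpAuthManager; a no-op for CDbAuthManager.
        $auth->save();
        return 0;
    }
}
```

Because the accessControl filter resolves `'roles'` through `Yii::app()->user->checkAccess()`, a rule with `'roles' => array('Admin')` also matches a SuperAdmin, who inherits Admin. Individual permissions can be tested the same way, for example `Yii::app()->user->checkAccess('createItem')`.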

Thanks