If you don’t know, are you sure that you need RBAC?
If your permissions are basic and not role-based, then you can just use basic auth, otherwise use RBAC to define a set of roles with corresponding permissions and rules.
As @jacmoe has suggested, you may say "strong" or "weak" for authentication. But when you talk about authorization, you should say "simple" or "complicated" instead.
So, what do you want your application to have for its authorization feature? Is it simple and fixed, or complicated and dynamic? Do you need it to be configurable via a web UI?
If your application doesn’t need a complex and dynamic authorization, then you should stick to Access Control Filter, because it will save you a lot of time than RBAC. There’s nothing wrong in using a simple approach.
@jacmoe: Thanks for the link to my blog That was the exact though process when I needed RBAC in an application. Not vanilla and not full blown RBAC. Fortunately Yii favors those who learn it
@desatir7316: It is very very easy to complicate the Access Control layer of an application. The best is always to keep it as simple as needed. Yii’s implementation of RBAC hits the sweet spot between “too little” and “too much” and allows you, the developer, to create your own workflows for access control and extend the provided classes to your needs.