how to use RBAC

Please do not introduce an extension and explain the structure of the first

Please write tables must be created in the database.

What configuration file should be defined.

Access level, the group how we define

How to view files and controllers can use this access level defined

hi mr abedi.

I know understanding RBAC and it’s implementation is a bit dizzy.

please do not hesitate and trust me to figure it out I take all my Friday to help you so lets get start.

at first you should refer to "yii\framework\web\auth" folder and find database schema required by CDbAuthManager.

it available in all major DBMS then we can continue our tour:

you can see db schema in attachment.

we define all Role/Operation/Task in "auth_item" table so it may be a quetion what is different between Role/Operation/Task and how we add a Role, Operation or Task record in database.

Role is the exact thing you can see in RBAC and you can define a role in auth_item by adding a record with type=2

Operation and Task type is 0 and 1.

but what is different between operation and task? A task is simply a composition of operations a user can do that have something in common. So you have for example operations oList, oView, oCreate and oUpdate these are the operation developer assigns to controller actions for access control, where the first two are only read- and the second two have write access to data (that’s what they have in common). So you now want to combine those to tasks tInspect and tManage which both hold 2 operations, the first one can list and view and the second one can create and update. Optionally you could make tInspect a sub-task of tManage so a user that has tManage can list, view, update and create but normally you just give his role both tasks.

ok mr abedi I hope these intro be helpful for you to start please be in touch and read more and more to understanding RBAC in yii clearly.

I continue this as soon as possible in the the upcoming week.

thanks alot ramin farmani


how to use bizrule and data (mysql field in authitem table) !?