only admin can access backend section

hi there

where to check user authentication and only let admin user can access to backend section?

thanks for reply ?

its not the answer,i know rbac but dont know where in my code use it to prevent casual users can come in backend section

After you have setup the RBAC, you can set the limit in the site controller.


  public function behaviors()


        return [

            'access' => [

                'class' => AccessControl::className(),

                'rules' => [


                        'actions' => ['index'],

                        'allow' => true,

                        'roles' => ['admin'],





In case of advanced app you can even do it without RBAC at all (of course if you don’t need RBAC for other purposes).

You can just have 2 different models for frontend and backend users with 2 DB tables (to avoid duplication they may extend from some common User model).

i have 3 level of users




by this structure i think its better to use rbac and shared one table for all users

do you think is it good ? or im wrong?

i only want let registered users to access my controllers in backend(for now with out rbac)

how can i do it with out implementing behaviors() function in every controller