Problem with RBAC


I’m using yii2 rest api for my project. In that, authentication done using QueryParamAuth. Now I want to check the url access based on the user role.

Using DbManager, i generated the tables and config in the config/main.php.

Configuration like,

'authManager' => [

            'class' => 'yii\rbac\DbManager',

            'defaultRoles' => ['guest'],


For checking the url, if I use beforeAction it validate before the behaviors. So it always return as guest.

Anyone have solution for this?