Hello! My webpage is for teams. I created 15 permissions e.g. createMember, updateMember, deleteMember, uploadDocument,… Each team should be able to create their own roles, define permissions an assign them to their members. Is this possible with RBAC? Or are there simpler solutions?
You could do this using a mixture of basic RBAC and the rules functionality: http://www.yiiframework.com/doc-2.0/guide-security-authorization.html
You could have a rule that is something like "IsManagerOfUser" which is evaluated before the operation is allowed.
The example in the guide is for postAuthor, search the link for "Using Rules"