RBAC implementation, interface IAuthManager

Hi everyone,

I’m thinking on RBAC implementation for the project I work on.

The main problem is users in my system can have different roles assigned to him/her (a user can participate in different groups with a different role for each group).

My idea was to add a group_id field to an authAssignment table and to overwrite all needed methods in CDbAuthManager (to add support for this field), but the problem is I don’t know how to pass group_id parameter, as implemented interface IAuthManager doesn’t support such possibility.

The second variant – to create a separate table roleUserGroup, to store relations between users-groups-roles, but it looks a bit redundant for me, as the same information can be stored (and logically should) in a table authAssignment.

If you have ideas on this question, you’re very welcome to share them.

Thank you,


Okay, I decided to try the first variant, and to pass additional (not declared in the interface) parameter. If it will be set to null/false in a method signature then I won’t get any errors (IAuthManager will be considered implemented correctly as long as initially declared parameters are on theirs places).

Hope it was a correct decision, will see :)

Maybe you can use bizRule for roles, to determine if user will get a role in particular group or not.

Yes, that was my second variant I wrote about (well, I didn’t described it in details, but bizRules are used there, of course).