RBAC with Business Rules & Access Control Filter

Hi All,

I’m just trying to do a quick RBAC setup using the access control filter and Yii’s built-in RBAC system, but I seem to have come upon a stumbling block.

I have a business rule, much like the ones in the examples, which allows some users general access and others access to a user to update their own data (or other sub-sets of data). The problem is that allowing a user by rule using the access control filter does not seem to offer any opportunity to add some params for the business rule to use.

Am I missing something?

I can think of an easy way to add them, by adding a ‘params’ element to the rule array (beside ‘roles’, ‘actions’, etc.), and am surprised it’s not catered for already.

Something like:

class AccessRule extends CAccessRule {

    public $params = array();

    protected function isRoleMatched($user)


// Pass $params to $user->checkAccess as the second argument





Generally you have data that is suitable to be passed into RBAC as parameters only during execution of the action itself. Getting the same data during access checking for all actions will be inefficient. That’s why there’s no way to pass this data from accessRules.