RBAC with wildcard subdomains

Hey Guys

So i’m building a service where I’m implementing wildcard subdomains, so when you sign up the first user gets an admin account on say example.service.com.

He or she can then add users with different roles to that mini site. i’m using wildcard subdomains and routing to allow this to happen without separate yii installs.

If someone adds an email address of someone already in the system to their mini site in whatever role, they should then be able to log onto that minisite with that role, for that mini-site. so maybe I am an admin on example.service.com but just a user on example2.service.com

Now I can make this work pretty easily with a hand rolled group table.

I just have 3 tables, group site and user and then a join table called site_user_group where I can specify what group a user is part of for a particular site, the site being the subdomain part of things.

I’d rather use the built in auth manager though, as the RBAC design seems like a really nice way to do things. I see from the Mysql schema that AuthAssignment relates to userid , is there any way I could alter the Authmanager so I could relate an Authassignment to a user and a ‘site’ as defined above easily? Sorry for asking this, I’ve been thinking about it for a while but just can’t seem to come up with an easy solution.



you can you the $bizRule to make this

Surely that is a really messy way of implementing permissions across multiple instances? I see Qiang advocates that as a solution Here:

However I have to agree with Marius when he says:

I see there was no reply. I don’t know maybe I’m being extremely dense here, but using bizRules to make this work seems really messy. So you’d set multiple roles of the same type for a user theoretically on different subsites, the only thing letting you know i user A has a certain role on site A is one of those role entries bizRule evaluates to true? How then would you retrieve a list of Roles for a user on a specific site?

Does anyone have any thoughts on this:)

Hope you are all having a great day.



I’m experimenting using Yii for my site, where users sign up, and have their own, unique, subdomain. Among users of an organization, there are multiple permission layers. How did you solve this issue?