rbam does NOT support arbitrary auth managers extended from CDbAuthManager and CPhpAuthManager

From the rbam extension manual:

(emphasis added).

That’s untrue, especially the part “and authorisation managers extended from them”, which should be removed from the documentation.

Indeed, it should be replaced by an explicit warning that RBAM will work with both CDbAithManager and CPhpAuthManager but may not work at all with authorization managers extended from them.

Instead of using the methods defined in the IAuthManager interface to access authorisation data, Rbam uses some dirty low-level code that depends on heavy assumptions about how authorisation data is stored. These assumptions are correct for CDbAuthManager and CPhpAuthManager, but may be not for your own auth manager that extends one of those two classes and overrides the interface methods.

So, if you write your own authManager extending CDbAuthManager or CPhpAuthManager and override some of the interface methods to fit your own needs, you may get unexpected results. Even though you have overridden some of the methods defined in the IAuthManager interface, the rbam module will often "bypass" your method and retrieve the data via its own method, which mimic the way the unextended CDbAuthManager or CPhpAuthManager work.

This has made me waste a lot of time, so I hope the authors of the RBAM extension (who seem to be unreachable, since their home page is dead) will consider making this explicit in the documentation (if not fix it which I guess may be quite difficult).

Now a question: does anybody know of another auth management interface that does not suffer from this limitation?