What exactly are "tasks" in Yii's RBAC?


I’m diving into RBAC while designing new and rather big/complex site.

I’m trying to figure out if to create a “task” or simply an “operation with biz rule”.

Now, I’ve read most if not all existing documentation. The current documentation says that “a task consists of operations”. This wiki article says that the different terms are simply naming conventions and the only limitation that exists is structural one - roles must include tasks (or other roles); tasks should include operations (or other tasks) and operations is the atomic term that is not further composed by other entities.

I’ve also read the relevant sections in the “Agile web dev…” and “Yii cookbook” books - both do not shed further light on this issue (at least as seen through my glasses).

Lets go to my example where I’ll present the question. Actually, lets use an example similar to that demonstrated in most of the documentation resources mentioned above: Lets say I have a blog post and I want/need to have its author be able to “update own post”. Now, why should this be a task as commonly demonstrated in the documentation resources and not an operation with a biz rule?

I think that the question above reveals the inclear definition of a "task" (in the RBAC context of course).

Please help me distill a better definition for an RBAC task.



In this mailing list I’m a member of, I was offerred to view the roles, tasks and operations as follows, in light of an old forum post:

In short and in its simplest form: operations are the basic building blocks. They are the material developers work with and only them. Developers compose tasks of and on top of operations. Roles are composed of tasks, like a set of tasks. Roles and tasks are what the site administrators should play with - assign and revoke to users but not operations.

That’s a nice way to look and grasp those entities (roles, tasks and operations).

Do you have another option to conceptualize differently? Any comments will be appreciated.