what to use ?? yii user module , rbam , rabc, srbac, grbac ??


I started digging the RBAC and user auth trench

and found lots of solutions :)

and when starting testing in my playground

I realised maybe someone has a clear view of relations between :

the yii standard auth manager & rbac solution , yii user ext ,yii-user-management, srbac extension, rbac extension , grbac, RBAM ???

I don’t really understand if they are all complementary ?

or alternative solutions ?

it gets confusing having to many solutions ,

it might be interested in the extension docs to have relation field where

your thoughts and experience interest me to understand in which direction to go ?

I keep reading again and again the descriptions of each of these ,

and feel I wont see the difference unless I test them all,

which might be a bit of a long process

Thanks for your lights


I can only comment with certainty about RBAM - this provides an interface to Yii’s RBAC system; it does not do any user management. I think (though may be wrong) that this is true for Rights and SRBAC (please correct if this is wrong), and all of these require a user management solution.

As to which is best? I of course have a preference, and I’m sure the authors of other extensions do as well :D , so perhaps we are not the best people to comment. Reading about them will only get you so far, and my suggestion is to try them and see which one you like.

And i can only comment with certainity about yii-user-management :)

So. The Yii-user-management advantages is that it has a lot of features. It should be called yii-social-network almost. It has friendship, profiles, profile comment, avatar upload, registration (with email confirmation), usergroups, Role and access Control (a mixture of RBAC and a unique permission , membership system (pay for extra-features)system) and even more!

And this is also its disadvantage. It is bloated! So when you want to start a project that needs features mentioned above, you can take it as a good base, since much is already "done", and quite "stable".

If you “only” want a user management system, you should rely on the smaller extensions out there, like yii-user. (without ‘management’).

Of course, all this functions can be disabled (or simply removed for your specific project) easily. But it may be easier to start from scratch with one of the smaller extensions.

You can simply install the yii-user-management on a test installation, click around 5 minutes and you will see if it suits your needs. Of course do this for the other extensions, too. It shouldnt take a long time.

But if you decide, please send bug reports, ideas, enhancements etc. at the google code issue tracker (code.google.com/p/yii-user-management) cause this extension still is hot for me, and i plan to enhance and continue it ;)

As we all can see SRBAC is the pioneer of the RBAC.

There was no module for user Authentication and Management at that time - GRBAC came in as a base to start my prototype applications.

It is sad that I never could devote more time to make it better. Now there are many other solutions.

The newest kid on the block is UserGroups:


It does user, groups and rights management, and is pretty lean.

So many choices. :)

May I suggest that you take 4 for a test run and choose the one you like the best.

I’ve never found a Framework with a Usermanagement that fits for my needs out-of-the-box.

There is always MANY work to get a starting Point where the application can begin.

The most important question for me is:

Can I TRUST that User Management System?

The always same answer is: NO

Before I find and understand a good foreign Usermanagement System up to last Detail -so that I can Trust them-

– my own is made.

Next there are some security things like password encryption, hash generation, password transportation from Browser to Server which are mostly totally bad or just not implemented. That all must be fixed for your needs.

I have made this plugin, but would I trust it?

May be…but surely not directly!

My Rbac-Manager Plugin is hard to get working for most but thats ok. Use much time to study such very sensible things like security systems. You must be able to fix any Bug that may appear.

Those are a bunch of diffrent extensions related to user stuff :P which one to choose… god I dunno.

I have tried Yii user, Yii-user-management (tydeas wrote the perfect answer on that one), usergroups(early stages)and rights.

A good combo to start with seems to be yii-user to get login/signup + rights (which controlls access).

Writing your own is better though… but many, me included had a hard time understanding how to do it in the beginning. But spend your time on it anyway,because like what, 130% of all support questions are regarding an user extension of some sort. Its harder to debug complex code in large extensions you haven’t made yourself then writing a user solution :P

If you do write your own, you can look /take features from the diffrent extensions to.