could someone explain me how yii2-admin works??

Yes. It depends on how exactly you have it configured.

  1. If you just load the module and not the Access filter, then it gives you the basic admin pages to configure rbac in the database. There is no top-level menu though for these pages, so you have to access them via admin/permission admin/role admin/assignment etc. (although please create a top menu if you want!).

  2. If you include the configuration for the AccessControl filter, then the admin plugin will deny access to the whole site unless you configure it to 1) allow default access to certain routes in the allowActions property of the config or 2) Configure rbac to allow certain routes for certain roles.

The example config on the plugin page allows everyone access to all the admin pages by default but prevents access to the rest of the site. The instructions say that once you give that route as a permission to a certain role/user, you can then delete admin/* from the config and block access to that too.

It is not clear on the plugin page that it is both an admin tool and an extension to the rbac system but I do find that the route system is a nice way to control access to the site without having to modify every single controller (including those in modules).

Very great module, I used it :)

If you have question let me know

How about dektrium/yii2-rbac along with dektrium/yii2-user, I found them much more user friendly and easier to use?