yii2 rbac check for role user->can()

i installed and configured rbac in yii2 with DBManager but i don’t get the “check” working with:

if (Yii::$app->user->can('waitAccess')) {

    echo "yes it is pending.";

} else {

    echo "nothing";


I made 3 users with my different roles but each of them is able to see the first line despite they don’t have the permission. “In my opinion”

This here is my rbacController


namespace console\controllers;

use Yii;

use yii\console\Controller;

class RbacController extends Controller


public function actionInit()


    $auth = Yii::$app->authManager;

    // add "user2View" permission

    $user2View = $auth->createPermission('user2View');

    $user2View->description = 'user2 view';


    // add "user1View" permission

    $user1View = $auth->createPermission('user1View');

    $user1View->description = 'user1 view';


    // add "waitAccess" permission

    $waitAccess = $auth->createPermission('waitAccess');

    $waitAccess->description = 'wait for Access';


    // add "seeConfig" permission

    $seeConfig = $auth->createPermission('seeConfig');

    $seeConfig->description = 'Access to the administrative Config';


    // add "user2" role and give this role the "user2View" permission

    $user2 = $auth->createRole('user2');


    $auth->addChild($user2, $user2View);

    // add "user1" role and give this role the "user1View" permission

    $user1 = $auth->createRole('user1');


    $auth->addChild($user1, $user1View);

    // add "pending" role and give this role the "waitAccess" permission

    $pending = $auth->createRole('pending');


    $auth->addChild($pending, $waitAccess);

    // add "superadmin" role and give this role the "seeConfig" permission

    $superadmin = $auth->createRole('superadmin');


    $auth->addChild($superadmin, $seeConfig);

    $auth->addChild($superadmin, $user2View);

    $auth->addChild($superadmin, $user1View);

    $auth->addChild($superadmin, $waitAccess);



Maybe anyone have a clue what I can look for.

You can try use Yii2-admin widget to save your time, thx.

I testing in my demo, it working RBAC fine, thx.

But it doesn’t solve the problem concretely. It is neat that you advice this but I want to understand and work with yii as long as it is so suitable for my tasks.

So solving a problem will avoid making the same mistakes again and again.

In addition I tried it again with all my permissions. Nothing changed.

It just can be my tables, but rebuilding them came up with the same result.

Can anybody approve that my permission role code above is correct?

did you try to understand example n the guide first?

I got through with this doc: authorisation

When yii checks for the permission is there something I can take a look on in the debug console?

Or is there anything I forgot about?

At the end there are 4 tables filed with my rules and this in common/config/main.php

        'authManager' => [

            'class' => 'yii\rbac\DbManager',

            'defaultRoles' => ['superadmin', 'councel', 'company', 'pending'],


In my case the problem was here:

    'authManager' => [

            'class' => 'yii\rbac\DbManager',

            'defaultRoles' => ['superadmin', 'councel', 'company', 'pending'],


for all default roles Yii::$app->user->can(‘some_role/permission’) always returns true, so I just deleted defaultRoles and it started work correctly