Skip to content
Switch branches/tags


Failed to load latest commit information.
Latest commit message
Commit time

Yii Role-Based Access Control Library

This package provides RBAC (Role-Based Access Control) library. It is used in Yii Framework but is supposed to be usable separately.

Latest Stable Version Total Downloads Build status Scrutinizer Code Quality Code Coverage Mutation testing badge static analysis type-coverage


composer require yiisoft/rbac

Basic usage:

Create an instance

$manager = new Manager($storage, new ClassNameRuleFactory());

In the directory config will contain permissions and rules.

Create permissions

$manager->addPermission(new Permission('createPost'));
$manager->addPermission(new Permission('readPost'));
$manager->addPermission(new Permission('deletePost'));

After executing this code, this configuration will be saved in ../config/items.php

Create roles

$manager->addRole(new Role('author'));
$manager->addRole(new Role('reader'));

Attach permissions to roles




Assign role to user

$userId = 100;
$manager->assign($storage->getRoleByName('author'), $userId);

After executing this code, this configuration will be saved in ../config/assignments.php

Check permissions

In order to check permissions, obtain an instance of \Yiisoft\Access\AccessCheckerInterface and use it:

public function actionCreate(\Yiisoft\Access\AccessCheckerInterface $accessChecker): ResponseInterface
    $userId = getUserId();

    if ($accessChecker->userHasPermission($userId, 'createPost')) {
        // author has permission createPost

Usage rules

$manager->addRule(new ActionRule());
    (new Permission('viewList'))->withRuleName('action_rule')

The role will also support the rules.

Rule example

class ActionRule extends Rule
    public function __construct()

    public function execute(string $userId, Item $item, array $parameters = []): bool
        return isset($parameters['action']) && $parameters['action'] === 'home';

Check permissions with rule

$anotherUserId = 103;
if (!$manager->userHasPermission($anotherUserId, 'viewList', ['action' => 'home'])) {
    echo 'reader not has permission index';


Storage Description
PhpStorage PHP file storage

Unit testing

The package is tested with PHPUnit. To run tests:


Mutation testing

The package tests are checked with Infection mutation framework. To run it:


Static analysis

The code is statically analyzed with Psalm. To run static analysis:


Support the project

Open Collective

Follow updates

Official website Twitter Telegram Facebook Slack


The Yii Role-Based Access Control Library is free software. It is released under the terms of the BSD License. Please see LICENSE for more information.

Maintained by Yii Software.