I have been investigating the best method to create a complex permission based system and I am using the Yii2 framework and noticed it includes good RBAC support, however I am not sure if it is right for my situation.
What I am looking for I guess is similar to what a forum system would use where you can make groups and then you can select what permissions each of those groups are allowed to do.
I have noticed that with RBAC you add your roles, and if you add an admin and an author, for example, you can then add the author as a child of admin, and then admin can do everything authors can + whatever other permissions you give them.
Do you have to do it like this or can you do all the permissions separately? Is adding the author as a child of admin just a quicker/cleaner way to give admin all the same permissions a lower level group has, and then you can add extra permissions on top?
I worry about doing it this way though, because what if you remove a permission from the author, then all of a sudden the admin will lose that permission too unless they gain it from another child or are given it separately.
Can I still utilise RBAC for my needs or should I look at doing something custom?
The RBAC system of Yii2 is very powerful; you can effectively add your group permission to a parent, and later, if you need to revoke a single permission from the child group, you can add what you need only when and how you need.
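The inheritance behaviour discussed in the question and answer, as an added example that is not code from either post: it builds an admin/author hierarchy with Yii2's file-backed `yii\rbac\PhpManager`, removes a permission from author, and then grants it to admin directly. The permission names, user ids and the `./vendor` path are assumptions made for the illustration.

```php
<?php
// Added example. Assumes Yii2 was installed with Composer into ./vendor.
require __DIR__ . '/vendor/autoload.php';
require __DIR__ . '/vendor/yiisoft/yii2/Yii.php';
use yii\rbac\PhpManager;

// File-backed RBAC store in a temp directory, so no database is needed.
$dir = sys_get_temp_dir() . '/rbac-demo-' . uniqid();
mkdir($dir);
$auth = new PhpManager([
    'itemFile'       => "$dir/items.php",
    'assignmentFile' => "$dir/assignments.php",
    'ruleFile'       => "$dir/rules.php",
]);

// Hypothetical permissions for a forum-style application.
foreach (['createPost', 'updatePost', 'deletePost'] as $name) {
    $auth->add($auth->createPermission($name));
}
$author = $auth->createRole('author');
$admin  = $auth->createRole('admin');
$auth->add($author);
$auth->add($admin);

// Hierarchy: admin inherits everything author has, plus deletePost.
$auth->addChild($author, $auth->getPermission('createPost'));
$auth->addChild($author, $auth->getPermission('updatePost'));
$auth->addChild($admin, $author);
$auth->addChild($admin, $auth->getPermission('deletePost'));

$auth->assign($admin, 1);   // constructed user id 1 is an admin
$auth->assign($author, 2);  // constructed user id 2 is an author

function report(PhpManager $auth, string $label): void
{
    echo $label, PHP_EOL;
    foreach ([1 => 'admin', 2 => 'author'] as $id => $role) {
        $can = $auth->checkAccess($id, 'updatePost') ? 'yes' : 'no';
        $all = implode(', ', array_keys($auth->getPermissionsByRole($role)));
        echo "  $role: updatePost=$can; effective permissions: $all", PHP_EOL;
    }
}
report($auth, 'Initial hierarchy');

// Revoking from author also revokes from admin, which only inherited it.
$auth->removeChild($author, $auth->getPermission('updatePost'));
report($auth, 'After removing updatePost from author');

// A direct grant makes admin independent of author's permission set.
$auth->addChild($admin, $auth->getPermission('updatePost'));
report($auth, 'After granting updatePost directly to admin');
```

Listing `getPermissionsByRole()` for each role after every change is a simple way to audit what a role can effectively do once inheritance is taken into account.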