To create a flexible permission management system for Yii applications with focus on separation of concern.


Check out design document here


Yii’s ACL and RBAC support is good for small to medium sized applications but as the application grows workarounds are incorporated in. These usually complicate the logic further. There are quite a few extensions available on Yii Extensions page that take this functionality further but depending on requirements one might find them lacking too.

About a week ago ezekielnoob started a discussion on Permissions on #yii. I was there so I jumped in and explained how we take care of Permissions at Zurmo. We both agreed on the system being flexible and strong so decided to rewrite it from scratch for Yii. We created a repository(which is empty right now) and a design document which is still open for feedback. If you’re a Yii developer then it would be great if you could leave some feedback there by adding comments or replying to the ones already there.


The hard question. No idea. It will be there when it will be there. I can’t find enough time to dedicate to make edits to the document but its taking up a good shape. We plan to do it for Yii2 so hopefully it would be released around the same time Yii2 is made available for Production systems, no promises though.

Leave a Comment