What is the recommended approach for RBAC Role -> Task -> Operation?

I started using srbac in Yii.

The options that are available: create a role, task and operation and then assign: Operation to Task, Task to Role.

My question is: do I need to create a task for each operation? Because I want to assign 1 operation to the lowest user level, and 4 operations to the super admin.

Hope I was clear, Danny

Role, Task and Operation are all 'authorization items'; you have to keep that in mind. They only provide a way to organize permissions as a tree, and then you can choose any node of the tree and assign it to a user. Of course it is also possible to assign multiple nodes to a user, whether they are leaves or not.

If you only need to design a very simple app, you can simply create 4 'operations' (or tasks, or roles), and assign them to the users according to your criteria. But a tree scheme is recommended for medium-big apps.

I had a similar question, I think, some time ago when I dived into RBAC in Yii. I think that what needs to be cleared up is the real meaning of an operation, task and role. My conclusions are laid out here and are based on a nice comment from the Yii project founder himself, found here. In a nutshell, operations are the most basic building blocks (a la atoms of the Yii RBAC world). Developers (and only they) define those and build tasks from them. A task is composed of one or more operations. A role is built from tasks (at least one).

In my design, I use tasks as the basic building blocks, and examples of tasks are "edit own profile", "create article", "send private message", etc. To me, breaking those auth items down to a finer granularity is over-design.

Also, I think that your app's RBAC tree shouldn't fit the simple requirements it's facing now but should rather be more robust from the start. I recommend setting up tasks and roles and assigning roles to users. I find this a more intuitive way to maintain the site.
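
The tree both answers describe, for the case in the question (1 operation for the lowest level, 4 for the super admin), as an added example that is not part of the original thread. It assumes a Yii 1.1 application with the `authManager` component configured; the item names (`viewReport`, `manageReports`, `member`, `superAdmin`) and the user ids are hypothetical.

```php
<?php
// Added example: assumes a Yii 1.1 app with the 'authManager' component configured.
// Item names and user ids are hypothetical.

// Create an auth item only when it is missing, so the script can be re-run safely.
function ensureItem(IAuthManager $auth, $name, $type, $description)
{
    $item = $auth->getAuthItem($name);
    return $item !== null ? $item : $auth->createAuthItem($name, $type, $description);
}

// Attach a child item to a parent only once.
function linkChild(CAuthItem $parent, $childName)
{
    if (!$parent->hasChild($childName)) {
        $parent->addChild($childName);
    }
}

function buildReportTree(IAuthManager $auth)
{
    $ops = array('viewReport', 'createReport', 'updateReport', 'deleteReport');
    foreach ($ops as $op) {
        ensureItem($auth, $op, CAuthItem::TYPE_OPERATION, $op);
    }
    // Lowest level: the role holds its single operation directly, no task in between.
    $member = ensureItem($auth, 'member', CAuthItem::TYPE_ROLE, 'lowest user level');
    linkChild($member, 'viewReport');
    // One task groups the three write operations instead of one task per operation.
    $manage = ensureItem($auth, 'manageReports', CAuthItem::TYPE_TASK, 'write access to reports');
    foreach (array_slice($ops, 1) as $op) {
        linkChild($manage, $op);
    }
    // superAdmin inherits member (1 operation) and adds the task (3 operations).
    $admin = ensureItem($auth, 'superAdmin', CAuthItem::TYPE_ROLE, 'all four operations');
    linkChild($admin, 'member');
    linkChild($admin, 'manageReports');
}

$auth = Yii::app()->authManager;
buildReportTree($auth);
foreach (array('member' => '101', 'superAdmin' => '1') as $role => $userId) {
    if (!$auth->isAssigned($role, $userId)) {
        $auth->assign($role, $userId);
    }
}
$auth->save(); // write the authorization data to persistent storage

// Least-privilege check: fail loudly if the tree grants more or less than intended.
if ($auth->checkAccess('deleteReport', '101') || !$auth->checkAccess('deleteReport', '1')) {
    throw new CException('RBAC tree does not match the intended privileges');
}
```

Application code then checks the operation name, for example `Yii::app()->user->checkAccess('deleteReport')`, so regrouping tasks and roles later does not require touching the controllers.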