[ 'class' => \yii\filters\AccessControl::className(), 'rules' => [ // allow authenticated users [ 'actions' => ['create','index','view','update'], 'allow' => true, 'roles' => ['admin','employee','reception'], ], // everything else is denied ], ], ]; } }