I've been working with Symfony (2.x) for the first time and I had some questions regarding the definition of roles, role hierarchy, and how they can be assigned to individual users.

I was interested in storing the roles and role hierarchy in a database (rather than security.yml); however, I cannot find any documentation supporting this. Is this advisable?

I was interested in having an admin module that can add new roles and define role hierarchies; however, having the admin module modify security.yml or some other config file seems like a bad idea.

This obviously would require that the ACLs can be stored in a database as well.

• Does anyone have any tips or documentation that might help with this?
• Is it a bad idea, performance wise?

I've been successful implementing this with Zend Framework in the past and was hoping to do the same with Symfony2.

Perhaps you might want to have a look at FOSUserBundle

The solution:

The following cookbook entry is about storing/retrieving users and roles to/from the database "How to load Security Users from the Database (the Entity Provider)" http://symfony.com/doc/current/cookbook/security/entity_provider.html

To make the long story short, your role and user entity classes have to implement RoleInterface and UserInterface / AdvancedUserInterface and you have to make some changes to your security.yml

You would need to put the roles in the db, and map it using a many-to-many relation. Then build some admin on the roles. I wrote how to change the User to use m2m roles at http://blog.jmoz.co.uk/symfony2-fosuserbundle-role-entities. I haven't got as far as the role hierarchy so that is still stored in the config.