From http://www.yiiframework.com/doc/guide/1.1/en/topics.auth
The access rules are evaluated one by one in the order they are specified. The first rule that matches the current pattern (e.g. username, roles, client IP, address) determines the authorization result. If this rule is an allow rule, the action can be executed; if it is a deny rule, the action cannot be executed; if none of the rules matches the context, the action can still be executed.
So you should combine all the roles that can execute an action in a single expression i.e.
array('allow',
'actions'=>array('index','create','update'),
'expression'=>'in_array(Yii::app()->user->getState("loginAs"),array("Super User","Administrator",...))'
),
array('allow',
'actions'=>array('delete'),
'expression'=>'Yii::app()->user->getState("loginAs")=="Super User"'
),
Also if you follow the link above, you'll see how to implement RBAC in Yii. This can reduce your code to something like
array('allow',
'actions'=>array('index','create','update'),
'roles'=>array("Super User","Administrator"),
),