What you want is what RBAC exactly can do. In fact, you give a ROLE
to user instead of GROUP. Idea is:
- Create Your operations (For example create/update)
- Create appropriate roles based on your operations (For example Modifier, who can perform create and update)
- Assign to users one or more appropriate roles
- Wherever/Whenever you can easily check access of your users by their roles
Talking in code:
$rbac=Yii::app()->CAuthManager();
$rbac->createOperation('create','This is a description for this operation')
$rbac->createRole('modifier','This is a description for this role')
$rbac->assign('modifier','USER_ID')
$rbac->checkAccess('modifier')
Please do not limit yourself into RBAC methods provided by Yii. You can do every manipulations in your database and write your own customized methods. (I mean, while you are using rbac, you can customize the way you use it. For example considering groups as roles)
To be more clear, you can read Yii's RBAC document: