Like most larger PHP frameworks, Symfony2 contains a component that handles all kinds of security topics. Its two main capabilities are authentication and authorization. While making both concepts easy to implement, the component keeps them separate and executes one after the other. In the first step, the framework determines who the current user is, or rather whether the user is who they claim to be (authentication). In the second step, it evaluates whether that user is allowed to perform a certain operation (authorization).
This article focuses on authorization or, more accurately, on Symfony2’s Access Control Lists (ACLs) and how they support the implementation of complex access-rights models.