By default yii2-user implements basic access control using \yii\filters\AccessControl. In order to implement Role Based Access Control (RBAC), you need to update the access behavior in the controllers. For example:
'modules' => [
'user' => [
'class' => 'comyii\user\Module',
'defaultControllerBehaviors' => [
'access' => [
'class' => \common\components\AccessControl::className(),
]
],
],
],You may read the Yii 2 RBAC Documentation for details on configuring RBAC for your application.