Thank you, Brent Knigge for attention, but unfortunately it is not what looking for. I understood that there are two types of autManager. And in the Larry's Yii book the DbAuthManager is used.
I'm speaking about how user's role could be change without deleting all settings of rbac. Because, it can be done by deceloper, but not by administrator who will use site.
Here is a long quote from the book:
"«The goal is to invoke the assign() method once for each user, as that's what the RBAC system will need in order to confirm permission.
The first thing you'll need to do is determine what user identifier counts. In other words: what table column and model attribute differentiates the different roles? Logically, this would be a property such as user.type in the CMS example. The goal, then, is to do this:
if ($user->type === 'admin') {
$auth->assign('admin', $user->id);
} elseif ($user->type === 'author') {
$auth->assign('author', $user->id);
} elseif ($user->type === 'public') {
$auth->assign('public', $user->id);
}
That code associates the user's ID with a specific RBAC role. As each $user->type value directly correlates to a role, that code can be condensed to:
$auth->assign($user->type, $user->id);
Second, you need to determine when it would make sense to invoke assign(). A logical time would be after the user registers. To do that, you could create an afterSave() method in the model class:
# protected/models/User.php
public function afterSave() {
if (!Yii::app()->authManager->isAssigned(
$this->type,$this->id)) {
Yii::app()->authManager->assign($this->type,
$this->id);
}
return parent::afterSave();
}
«That code will be called after a model record is saved. This could be after a new record is created or after it is updated (like when the user changes her password). Because the second possibility exists, this code first checks that the assignment has not already taken place. If not, then the assignment is performed.
{TIP} If you have a situation where the user's permissions may be changed, you'd need to remove the existing role assignment and add the new one"
«The Yii Book.» Larry Ullman, 2014-12-20. iBooks.
As I understood, assign method must be called only one time for every user. But, what if I need to let administrator change roles to users? It could be a form in admin's area, where the admin could choose a role for any user. But how can I save it?
Sorry for such a long quotes and, probably for the stupid question. I'm totally new in Yii and frameworks at all, I developed only in procedural way before.