Yii2 separation of rights on the attributes of the model?

Yes, this is possible. For example through scripts. In different scenarios, the model may use different business rules and logic. For example, an email attribute may be required during user registration, but not during user login.

// сценарий задается как свойство $model = new User; $model->scenario = User::SCENARIO_LOGIN; // сценарий задается через конфигурацию $model = new User(['scenario' => User::SCENARIO_LOGIN]); 

By default, the scripts supported by the model are determined by the validation rules declared in the model.

 public function rules() { return [ // username, email и password требуются в сценарии "register" [['username', 'email', 'password'], 'required', 'on' => self::SCENARIO_REGISTER], // username и password требуются в сценарии "login" [['username', 'password'], 'required', 'on' => self::SCENARIO_LOGIN], ]; } 

Taken from here https://github.com/yiisoft/yii2/blob/master/docs/guide-ru/structure-models.md#validation-rules

But in your case, the finished Yii valid validators may not work, then you can write your own, a validator in the form of a separate class or a simple function in which you can check the current user for access rights and if he is not Admin, you will display a message with an error.

Such an example is good if you need ordinary users to see the fields that the admin can fill out, but when they try to fill them in, an error will be displayed.

Read also about RBAC a lot is written in the documentation http://www.yiiframework.com/doc-2.0/guide-security-authorization.html https://habrahabr.ru/post/235485/