Alright, well, it looks like I misunderstood how roles are actually used by this bundle. Now that I've looked into it while not half asleep and I've more closely examined the code, it actually makes a lot more sense why it's done this way, and it's far easier than I was making it. Now I just feel silly. :) You have to explicitly add roles to each user and then store them in the database.
For example, to add the ROLE_MEMBER role to Carl: $userManager = $this->container->get('fos_user.user_manager'); $user = $userManager->findUserBy(array('username' => 'Carl')); $user->addRole('ROLE_MEMBER'); $userManager->updateUser($user); // persists the object The role hierarchy only appears to apply when determining the access_control portion of security.yml. Perhaps that's the case for the built-in security component too and I just misunderstood portions of the documentation, which seems likely. The only problem I have now is updating the user's session when there are changes in roles while they're logged in (I doubt this is difficult -- I just haven't looked it up yet). Apparently I was more tired yesterday than I thought. It all makes sense today... ;) -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-users@googlegroups.com To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en