Symfony’s Security Key Concepts in 5 minutes

Let’s go over the obscure terms and concepts of this critical component

Alexandre Daubois
The SensioLabs Tech Blog


Can I have 5 minutes of your time? That’s all I need to help you get up to speed on the Symfony 6 Security component. It’s sometimes hard to understand everything in there. Well, you don’t have to understand everything, of course. But knowing the different parts and the terms used will significantly help you understand what you’re doing. Without further ado, let’s get into it.

User, password and roles

Everything begins with users. Symfony offers a UserInterface you can implement so your model is compatible with the security layer and matches your exact needs. A user has a unique identifier that differentiates it from other users. This identifier can be anything you want: an integer, an email, a UUID. It’s up to you.

A user is also attached to one or more roles. These roles are then used to make decisions about access to resources. Roles can be organised hierarchically: having one role can mean inheriting other roles. For instance, a super admin user is likely to have all the roles defined in your application. Finally, a PasswordHasher is used to hash passwords; hashing is one-way, so the stored value is verified against a submitted password rather than decrypted.
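The three concepts above, shown together as an added example that is not code from the original article: a user model, a role hierarchy and a password hasher. The `AppUser` class, the role names, the email and the sample password are constructed for illustration, and the script assumes `symfony/security-core` and `symfony/password-hasher` (6.x) are installed with Composer.

```php
<?php
// Added example, not from the original article. Assumes symfony/security-core and
// symfony/password-hasher (6.x) are installed via Composer in this directory.
require __DIR__.'/vendor/autoload.php';

use Symfony\Component\PasswordHasher\Hasher\NativePasswordHasher;
use Symfony\Component\Security\Core\Role\RoleHierarchy;
use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
use Symfony\Component\Security\Core\User\UserInterface;

// Hypothetical application model; class and property names are illustrative.
final class AppUser implements UserInterface, PasswordAuthenticatedUserInterface
{
    /** @param string[] $roles */
    public function __construct(
        private string $email,
        private array $roles = [],
        private ?string $password = null,
    ) {
    }

    // The unique identifier: an email here, but it could be an integer or a UUID.
    public function getUserIdentifier(): string { return $this->email; }

    // Every user gets at least ROLE_USER on top of the roles assigned explicitly.
    public function getRoles(): array { return array_values(array_unique([...$this->roles, 'ROLE_USER'])); }

    // The model stores the hash only, never the plain-text password.
    public function getPassword(): ?string { return $this->password; }
    public function setPassword(string $hash): void { $this->password = $hash; }

    // No temporary plain-text credentials are kept on this object, so nothing to clear.
    public function eraseCredentials(): void {}
}

// Constructed hierarchy: super admin inherits admin, which inherits user.
$hierarchy = new RoleHierarchy([
    'ROLE_SUPER_ADMIN' => ['ROLE_ADMIN'],
    'ROLE_ADMIN' => ['ROLE_USER'],
]);

$hasher = new NativePasswordHasher(); // one-way hash with a per-password salt
$user = new AppUser('root@example.test', ['ROLE_SUPER_ADMIN']);
$user->setPassword($hasher->hash('constructed-sample-password'));

var_dump($hierarchy->getReachableRoleNames($user->getRoles())); // assigned plus inherited roles
var_dump($hasher->verify($user->getPassword(), 'constructed-sample-password'));
var_dump($hasher->verify($user->getPassword(), 'wrong-guess'));
```

In a full Symfony application the hierarchy and the hasher are normally declared in the security configuration rather than instantiated by hand; they are built directly here so the script runs on its own.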
