There are a few posts on this website that deal with authorization and access control on Yii, but they are mostly related to the module I (and I think the majority of Yii users) use, which is the awesome Yii Rights module written by Cniska.
This post is, however, a collection of best practices, tips and tricks on the theme of access control and authorization on Yii, not necessarily bound to the Rights module.
The default Yii way to handle errors is to call the `site/error` view, which uses the app's layout to inform the user about the error that's occurred. However, don't forget to:

- allow **all** users to view the `site/error` action. If a user gets a **403 forbidden** exception thrown, he/she will get redirected to the `site/error` action but, if you haven't allowed him/her to view it, he/she won't be able to. `site/error` is an action like all others and, for users to be able to view it, you must enable it.
- set a layout for the `site/error` view. Otherwise the user will be shown a blank page with just an `<h2>` tag, which is very ugly and looks very amateurish.
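
Both points in one controller, as an added example that is not code from the original post. It assumes Yii 1.1 with the built-in `accessControl` filter, `errorHandler.errorAction` set to `site/error`, and the default webapp skeleton's `Controller` base class; the layout name and the `index`/`profile` actions are hypothetical.

```php
<?php
// Added example: Yii 1.1 SiteController (assumed default webapp skeleton).
class SiteController extends Controller
{
    // Assumed layout name; without a layout the error view renders bare.
    public $layout = '//layouts/main';

    public function filters()
    {
        // Enable the built-in CAccessControlFilter for this controller.
        return array('accessControl');
    }

    public function accessRules()
    {
        // Rules are evaluated top to bottom and the first match wins,
        // so the 'error' rule must precede the final deny-all.
        return array(
            // Everyone, including guests, may see the error page.
            array('allow', 'actions' => array('error'), 'users' => array('*')),
            // Hypothetical protected actions: authenticated users only.
            array('allow', 'actions' => array('index', 'profile'), 'users' => array('@')),
            // Default deny for anything not listed above.
            array('deny', 'users' => array('*')),
        );
    }

    public function actionError()
    {
        $error = Yii::app()->errorHandler->error;
        if ($error === null) {
            return; // reached directly, no pending error to show
        }
        if (Yii::app()->request->isAjaxRequest) {
            // Encode the message: it can contain request-derived text.
            echo CHtml::encode($error['message']);
        } else {
            // Renders views/site/error.php inside $this->layout.
            $this->render('error', $error);
        }
    }
}
```

If the `error` rule is moved below the deny-all rule, or dropped, a user who hits a 403 is denied the error page as well.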