public function behaviors() { $behaviors = parent::behaviors(); //Only can be accessed by root $behaviors['access'] = ['class' => AccessControl::className(), 'rules' => [['allow' => true, 'roles' => ['@'], 'matchCallback' => function ($rule, $action) { return Yii::$app->user->identity->isRoot(); }]]]; return $behaviors; }