chamilo-lms/app/config/security.yml

# To get started with security, check out the documentation:
# http://symfony.com/doc/current/book/security.html
security:
    access_control:
        - { path: ^/administrator, role: ROLE_ADMIN }
        - { path: ^/efconnect, role: ROLE_USER }
        - { path: ^/elfinder, role: ROLE_USER }

    encoders:
       FOS\UserBundle\Model\UserInterface:
           id: chamilo_user.security.encoder

    role_hierarchy:
        ROLE_SONATA_ADMIN: ROLE_USER
        ROLE_ADMIN:
            - ROLE_SONATA_ADMIN
            - ROLE_QUESTION_MANAGER
            - ROLE_SESSION_MANAGER
            - ROLE_TEACHER
            - ROLE_DIRECTOR
            - ROLE_JURY_PRESIDENT
            - ROLE_CURRENT_COURSE_TEACHER
            - SONATA
        ROLE_SUPER_ADMIN: [ROLE_SONATA_ADMIN, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

        ROLE_GLOBAL_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
        ROLE_RRHH: [ROLE_TEACHER]
        ROLE_TEACHER: [ROLE_STUDENT]
        ROLE_QUESTION_MANAGER: [ROLE_STUDENT, ROLE_QUESTION_MANAGER]
        ROLE_SESSION_MANAGER: [ROLE_STUDENT, ROLE_SESSION_MANAGER, ROLE_ALLOWED_TO_SWITCH]
        ROLE_STUDENT: [ROLE_STUDENT]
        ROLE_CURRENT_TEACHER: []
        ROLE_CURRENT_COURSE_STUDENT: [ROLE_CURRENT_COURSE_STUDENT]
        ROLE_CURRENT_COURSE_TEACHER: [ROLE_CURRENT_COURSE_TEACHER, ROLE_CURRENT_COURSE_STUDENT]

        SONATA:
            - ROLE_SONATA_PAGE_ADMIN_PAGE_EDIT # if you are not using acl then this line must be uncommented
            - ROLE_SONATA_PAGE_ADMIN_BLOCK_EDIT


        ROLE_ANONYMOUS: [ROLE_ANONYMOUS]

    access_decision_manager:
        # strategy can be: affirmative, unanimous or consensus
        strategy: unanimous

    # http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
    providers:
        fos_userbundle:
            id: fos_user.user_manager

    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        main:
            pattern: .*
            context: user
            form_login:
                provider: fos_userbundle
                login_path:     /login
                use_forward:    false
                check_path:     /login_check
                failure_path:   null
                default_target_path: /administration
#                success_handler: chamilo_core.listener.login_success_handler
            logout:
                path:   /logout
                target: /
#                success_handler: chamilo_core.listener.logout_success_handler
                invalidate_session: false
#                handlers: ['sonata.page.cms_manager_selector']
            anonymous: ~
            switch_user: false