
How to use the AccessDecisionManager in Symfony2 for authorization of arbitrary users?


You need only AccessDecisionManager for this, no need for security context since you don't need authentication.

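    use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;

    // Token for the user being checked, carrying that user's roles
    $user = new Core\Model\User();
    $token = new UsernamePasswordToken($user, 'none', 'none', $user->getRoles());

    // Ask the decision manager directly whether the token is granted ROLE_ADMIN
    $isGranted = $this->get('security.access.decision_manager')
        ->decide($token, array('ROLE_ADMIN'));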

This will correctly take role hierarchy into account, since RoleHierarchyVoter is registered by default.

Update

As noted by @redalaanait, security.access.decision_manager is a private service, so accessing it directly is not a good thing to do. It's better to use service aliasing, which allows you to access private services.


Maybe you can instantiate a new securityContext instance and use it to check if the user is granted:

    $securityContext = new \Symfony\Component\Security\Core\SecurityContext(
        $this->get('security.authentication.manager'),
        $this->get('security.access.decision_manager')
    );
    $token = new \Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken(
        $user,
        null,
        $this->container->getParameter('fos_user.firewall_name'),
        $user->getRoles()
    );
    $securityContext->setToken($token);

    if ($securityContext->isGranted('ROLE_ADMIN')) {
        // some stuff to do
    }


security.context is deprecated since 2.6.

Use AuthorizationChecker:

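    use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
    use Symfony\Component\Security\Core\Authorization\AuthorizationChecker;
    use Symfony\Component\Security\Core\Exception\AccessDeniedException;

    // Token for the user being checked
    $token = new UsernamePasswordToken(
        $user,
        null,
        'secured_area',
        $user->getRoles()
    );

    // Store the token in the token storage service
    $tokenStorage = $this->container->get('security.token_storage');
    $tokenStorage->setToken($token);

    $authorizationChecker = new AuthorizationChecker(
        $tokenStorage,
        $this->container->get('security.authentication.manager'),
        $this->container->get('security.access.decision_manager')
    );

    if (!$authorizationChecker->isGranted('ROLE_ADMIN')) {
        throw new AccessDeniedException();
    }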
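
The decision-manager approach from the first answer, wrapped in an injectable service so that no controller touches the private security.access.decision_manager service and the token held in security.token_storage for the current request is never replaced. This is an added example, not code from any of the answers; the namespace, class name and service id are assumptions.

```php
<?php
// Added example. AppBundle\Security\UserAccessChecker and the service id
// app.user_access_checker are hypothetical names chosen for illustration.
//
// services.yml: a private service can still be injected as an argument
// of another service definition.
//
//   services:
//       app.user_access_checker:
//           class: AppBundle\Security\UserAccessChecker
//           arguments: ['@security.access.decision_manager']
//
// Controller usage:
//   $this->get('app.user_access_checker')->isGranted($user, array('ROLE_ADMIN'));

namespace AppBundle\Security;

use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
use Symfony\Component\Security\Core\User\UserInterface;

class UserAccessChecker
{
    private $decisionManager;

    public function __construct(AccessDecisionManagerInterface $decisionManager)
    {
        $this->decisionManager = $decisionManager;
    }

    /**
     * Returns true if $user would be granted $attributes, optionally on $object.
     * The voters (including RoleHierarchyVoter) run against a local token only.
     */
    public function isGranted(UserInterface $user, array $attributes, $object = null)
    {
        // Throwaway token that exists only for this call. 'none' is a
        // placeholder provider key (it must be non-empty); the token is never
        // written to the shared token storage, so the identity of the
        // currently logged-in user is left unchanged.
        $token = new UsernamePasswordToken($user, null, 'none', $user->getRoles());

        return $this->decisionManager->decide($token, $attributes, $object);
    }
}
```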