Many new users expect authenticated users to have all permissions given to anonymous users, but this isn't actually how the system works - by design. See http://drupal.org/node/103348.

The following clarification in the docs would be helpful.

======
Although all roles you create yourself receive any permissions you give to authenticated users automatically, neither roles you create yourself nor the authenticated user role receives permissions given to anonymous users. If you check any of the Access Control boxes for anonymous users, make sure you also check the equivalent box for authenticated users, or wacky behavior results.
======

Comments

pwolanin’s picture

pwolanin commented

Where is the text that you want to see clarified? If it is within the handbook, than this issue queue is the right place (post the link to the handbook page). If you are suggesting a change to the text that appears when actually using Drupal on your own site, you need to use the Drupal issue queue since the changes need to be made within the code base.

googhome’s picture

googhome commented

In retrospect, the paragraph that implies that all users have the permissions granted to anonymous users is in the book Building Online Communities with Drupal, phpBB, and WordPress (3rd full paragraph on p 35), which I understand you can't do anything about.

pwolanin’s picture

pwolanin commented
Status: Active » Fixed

added a note at the bottom of this handbook page: http://drupal.org/node/22275

Anonymous’s picture

(not verified) commented
Status: Fixed » Closed (fixed)