Last updated October 31, 2011. Created by NancyDru on February 19, 2007.
Edited by flip, denverdataman, figaro, LeeHunter.
Your site requires different permissions to be set per user type. For example, you probably won't want casual visitors to edit your homepage. However, the site owner or a trusted user should be able to do so. To learn more about the term "user", see Differentiating the Four Different Kinds of "Users" Encountered When Installing Drupal.
Drupal allows you to set up any number of different kinds of users, or 'Roles'. Many websites have editor and site administrator roles: editors make content updates, and site admins install new modules and make larger configuration changes.
Out of the box, Drupal recognizes two types of site visitors: those who are logged in ('Authenticated' users) and those who are not ('Anonymous' users). The exception is the first user created (user/1). Although it is not necessary, many sites have additional levels of users.
Managing roles in Drupal 5.x and 6.x
To create or edit a role, click Administration > User management > Roles.
To create or edit a user, click Administration > User management > Users.
To specify the permissions for a role, click Administration > User management > Permissions.
To add editors to your site, you will first need to create an editor role. Click Administration > User management > Roles. Type in the name of your new role (e.g. 'editor') and click 'Add role'.
To add a new 'editor' user, go to Administration > User management > Users and click the 'Add User' tab. After typing the username and email address, enable the 'editor' checkbox and click 'Create new account'.
Finally, you can configure permissions for editors at Administration > User management > Permissions. To give editors the ability to edit any page within the site, scroll down the permissions page and click the checkbox next to 'edit any page content'.
Managing roles in Drupal 7
To create (or edit) a role, navigate to the Roles page (People > Permissions tab > Roles tab). As in the 5.x and 6.x example above, type in the name of your new role (e.g. 'editor') and click 'Add role'.

Having created the 'editor' role, now create a user. Navigate to the People page (People) and click '+ Add user'.

After typing the username and email address, enable the 'editor' role by selecting 'editor' from the roles and click 'Create new account'.

Finally, you can configure permissions for editors at People > Permissions tab. To give editors the ability to edit any page within the site, scroll down the permissions page and click the checkbox next to 'edit any' for each content type.

Comments
User role precedence
I'm having some issues with permissions and was wondering if there is a specific rule regarding precedence.
For example, if authenticated users have permissions to do more than, say, 'sample-role', which one will take precedence?
Merged
Essentially all permissions are merged into what the user experiences. So if a user is logged in as "sample-role" they get everything an "authenticated user" can do PLUS whatever "sample-role" allows. So if you want some users restricted from something, "authenticated user" should be the lowest level of permissions and other roles should increase their permissions.
NancyDru
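The merge rule described in the reply above, as an added example that is not part of the original comments and is not Drupal's own code: a simplified Python model in which a user's effective permissions are the union over their roles, "authenticated user" applies to every logged-in account, and user/1 passes every check. The role data and function names are constructed for illustration.

```python
# Simplified model of merged role permissions; an illustration, not Drupal code.
ANONYMOUS, AUTHENTICATED = "anonymous user", "authenticated user"

# Constructed sample data: role -> permissions granted to that role.
ROLE_PERMS = {
    ANONYMOUS: {"access content"},
    AUTHENTICATED: {"access content", "post comments"},
    "sample-role": {"access content"},  # narrower than "authenticated user"
    "editor": {"edit any page content"},
}


def held_roles(uid, assigned_roles):
    """Roles an account holds; uid 0 stands for a visitor who is not logged in."""
    if uid == 0:
        return [ANONYMOUS]
    # Every logged-in account holds "authenticated user" implicitly.
    return [AUTHENTICATED] + sorted(set(assigned_roles))


def effective_permissions(uid, assigned_roles, role_perms=ROLE_PERMS):
    """Union of the permissions of every role the account holds."""
    perms = set()
    for role in held_roles(uid, assigned_roles):
        perms |= role_perms.get(role, set())
    return perms


def has_permission(uid, assigned_roles, permission, role_perms=ROLE_PERMS):
    """user/1 passes every check; other accounts need a role that grants it."""
    if uid == 1:
        return True
    return permission in effective_permissions(uid, assigned_roles, role_perms)


def roles_granting(uid, assigned_roles, permission, role_perms=ROLE_PERMS):
    """Every role listed here must lose the permission before the user does."""
    return [r for r in held_roles(uid, assigned_roles)
            if permission in role_perms.get(r, set())]


def redundant_roles(role_perms=ROLE_PERMS):
    """Custom roles that grant nothing beyond "authenticated user"."""
    base = role_perms[AUTHENTICATED]
    return sorted(r for r, p in role_perms.items()
                  if r not in (ANONYMOUS, AUTHENTICATED) and p <= base)
```

With this sample data, `redundant_roles()` flags 'sample-role': assigning it cannot restrict a user below what 'authenticated user' already allows.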
user id 1
Perhaps this document should include a quick reference to the special user #1, and an explanation of why/how that user is special. I think this would put the concept of "roles" in perspective, since the only user that a new reader is familiar with doesn't exactly fit in either of the two mentioned user types.
edit - modified document to mention user/1
any detail on what specific
Any detail on what specific permissions do? Like what does "display drupal links" do under Access control permissions? It would be nice to have a list with definitions.
Good news / bad news
The bad news: In D6, unless the maintainer makes a point of telling you, no, there's not any way of knowing without digging into the module.
The good news: In D7, a developer can add a description to the permissions. It may take a while before most do though (hint: that's what issue queues are for).
NancyDru
Maximum number of user/roles
Can anyone tell me if there is an upper limit on the number of user/roles?
Thanks
Sam
Nope
There is no design limit, but both could have some impact on performance, probably roles more than users.
NancyDru
changing user permissions does not take effect
Hi,
We changed our editorial policy which forced me to change permissions for the "blogger" role and take away their ability to "publish own blogpost content." However, one of our bloggers was able to publish something yesterday after I did make that change. I went and looked at user->permissions to confirm that I saved the changes and it shows that blogger does not have the ability to publish own blogpost content (or anything else for that matter).
Do I need to clear caches? Do I need to have them log out and log back in? Is there something else?
This is on Drupal 6.x
Thanks for the help
Charlie
www.sustainableindustries.com
(New Drupal-powered version under development)
Hmm...
The permission is checked when they begin the create content process. If they then wait (even hours), they still have already been granted permission. If you can confirm that they had a page build other than that after you changed the permissions, then you can open a core issue.
And it rarely hurts to clear caches when doing a significant admin action.
NancyDru