Permissions reference

In Drupal 7, the permissions are documented in Drupal itself on the Permissions page (Admin > People > Permissions or http://example.com/admin/people/permissions) and in the Help reference pages at http://example.com/admin/help (in the Toolbar).

This page documents the permissions that core modules expose in Drupal 6. These permissions are found under User Management > Permissions in the administration screen(s) or http://example.com/admin/user/permissions[/optional-role-id]. (In Drupal 5, they are found under User Management > Access Control or http://example.com/admin/user/access[/optional-role-id].)

Please note that this page is only for core modules. See the child pages for documentation about access permissions for specific contributed modules.

Aggregator module

access news feeds: Permission to allow view only access to news feeds.
administer news feeds: Permission to create and configure news feeds.

Block module

administer blocks: Permission that gives users access to the block configuration page, allowing them to modify settings for blocks, such as assigning a block to a region, changing its weight, or restricting display to certain page(s). For more information about block configuration, see Block Configuration.
use PHP for block visibility: Permission that allows the designated role(s) to use PHP code to determine whether a block will be displayed or not when a page is loaded. This permission should only be given to fully trusted users. For more info, see the PHP block visibility settings page.

Blog module

create blog entries: Permission to create new blog entries.
delete any blog entry: Permission to delete any user's blog entry.
delete own blog entries: Permission to delete a user's own blog entry.
edit any blog entry: Permission to edit any user's blog entry.
edit own blog entries: Permission to edit a user's own blog entry.

Blog API module

administer content with Blog API: Permission that allows site administrators to configure which content types can be posted via external blog applications.

Book module

access printer-friendly version: Permission that allows view only access to print-friendly version of books.
add content to books: Permission to add new book pages.
administer book outlines: Permission to rearrange book outlines.
create new books: Permission to create a new book.

Comment module

access comments: Permission to view comments.
administer comments: Permission to edit, unpublish, and delete comments.
post comments: Permission to create an unpublished comment.
post comments without approval: Permission to create a published comment without approval.

Contact module

access site-wide contact form: Permission that allows view access to the site-wide contact form.
(Drupal 6 only) administer site-wide contact form: Configure settings for the site-wide contact form.

Filter module

administer filters: Permission that allows the user access to the input format configuration pages. Users with this permission can also use all input formats on the site. This permission should only be given to fully trusted users.

Forum module

administer forums: Permission to configure settings for forums.
create forum topics: Permission to create new forum topics.
delete any forum topics: Permission to delete any forum topic.
delete own forum topics: Permission to delete a user's own forum topic.
edit any forum topic: Permission to edit any forum topic.
edit own forum topic: Permission to edit a user's own forum topic.

Locale module

administer languages: Permission to configure settings for languages.
translate interface: Permission to translate elements of the interface for other languages.

Menu module

administer menu: Permission to create and edit menus and menu items.

Node module

access content: Permission that allows the user to view content. This should be enabled for all users, unless you want a private site.
administer content types: Allows the user to edit and add content types at Site building > Content http://example.com/admin/content/types. This permission should only be given to fully trusted users.
administer nodes: Permission that allows the user to create, edit, and delete nodes of all types. This overrides all the create/edit own/edit options for specific content types below. This also exposes the 'Publishing options' section when editing nodes, allowing users to promote content to the front page, publish and unpublish, make sticky, and create new revisions.
create [content-type] content: Permission that allows the user to create content of this type. This permission exists for page and story and each additional content type defined on the site. Overridden by the 'administer nodes' permission.
(Drupal 6 only) delete any [content-type] content: Permission to delete content of this type created by any user. This permission exists for page and story and each additional content type defined on the site. Overridden by the 'administer nodes' permission.
delete own [content-type] content: Permission to delete a user's own content of this type. This permission exists for page and story and each additional content type defined on the site. Overridden by the 'administer nodes' permission.
delete revisions: Permission to delete revisions for content of this type. This permission exists for page and story and each additional content type defined on the site. Overridden by the 'administer nodes' permission.
edit own [content-type] content: Allows the user to edit content of this type that they have created. This permission exists for page and story and each additional content type defined on the site. Overridden by the 'administer nodes' permission.
edit any [content-type] content: Permission that allows the user to edit all content of this type. This permission exists for page, story, and each additional content type defined on the site. Overridden by the 'administer nodes' permission.
revert revisions: Permission to revert content of this type to a previous revision. This permission exists for page and story and each additional content type defined on the site. Overridden by the 'administer nodes' permission.
view revisions: Permission to view previous revisions of content. This permission exists for page and story and each additional content type defined on the site. Overridden by the 'administer nodes' permission.

Path module

administer url aliases: Permission that allows users the ability to administer the url aliases (modify, add, remove).
create url aliases: Permission that allows users to create url aliases.

Poll module

cancel own vote: Permission to cancel a user's own vote.
(Drupal 5) create polls (Drupal 6) create poll content: Permission to create a new poll.
(Drupal 6 only) delete any poll content: Permission to delete a poll created by any user.
(Drupal 6 only) delete own poll content: Permission to delete a user's own poll.
(Drupal 6 only) edit any poll content: Permission to edit poll content created by any user.
(Drupal 6 only) edit own poll content: Permission to edit a user's own poll content.
inspect all votes: Permission to view submitted votes for polls.
vote on polls: Permission to submit votes for polls.

Search module

administer search: Permission to configure administrative settings for site search.
search content: Permission to use this basic site search box.
use advanced search: Permission to apply additional filters to site searches.

Statistics module

access statistics: Permission to view all statistics.
view post access counter: Permission to view the number of page hits on each content page.

System module

access administration pages: Permission that allows users access to the administration path.
(Drupal 6 only) access site reports: Permission that allows view only access to administrative reports for the site.
(Drupal 6 only) administer actions: Permission to administer available actions.
(Drupal 6 only) administer files: Permission to administer uploaded files.
administer site configuration: Permission that allows users to access the site configuration area of the administration panel. This permission should only be given to fully trusted users.
select different theme: Permission that allows users to change the site's theme from their profile.

Comments

Drupal 7 Permissions

camerongreen commented 11 October 2011 at 14:52

If you are looking for the machine names of Drupal 7 permissions, as far as I can see you won't find them in the Permissions or Help pages. I created myself a tiny module I can install on any site, which adds a help screen listing invoking the permissions hook and returning all permissions for the site. The bit which returns the perms is this: $available = array_keys(module_invoke_all('permission'));

administer nodes?

brad.bulger commented 24 July 2013 at 19:00

I see lots of references to

Overridden by the 'administer nodes' permission.

but not so much of an entry for administer nodes itself, which would seem like a useful thing, yah? especially since pages like Viewing unpublished content link here specifically to see " (more information on 'administer nodes')"?

Administer nodes

Nux commented 8 September 2013 at 14:56

Search for it in the node module permissions. If you have a non-English Drupal then search for "administer nodes" in the source of the permissions page (e.g. for Polish it is called "zarządzanie segmentami").

it's the documentation

brad.bulger commented 16 September 2013 at 22:14

The point is that there is no definition or description of the "administer nodes" permission on this "Permissions reference" documentation page, and there should be, especially so because it is referenced so frequently on this very page.

I can see that, for Drupal 6 at least, it is defined by the node module. The closest thing to a definition I find in there is from a comment:

In determining access rights for a node, node_access() first checks whether the user has the "administer nodes" permission. Such users have unrestricted access to all nodes.

I don't know if there is more to say about it, though.

I think it's just a typo

srees commented 2 October 2013 at 22:40

The permission titled 'administer content' is probably supposed to be 'administer nodes'. (Not the one that says 'administer content types')

How can something be better than nothing, when nothing is perfect?

It's not quite the same thing

inversed commented 7 March 2015 at 23:27

It's not quite the same thing in Drupal 7 because there is a separate permission to "Bypass content access control". However, "Administer content" does control the other permissions such as the publishing options, revisions, etc.

'Administer content' does not allow access to all content?

Jons commented 12 August 2016 at 14:52

It seems to me that 'This overrides all the create/edit own/edit options for specific content types below.' is not the case.
If I set 'Administer content' for a sub-editor role, and I have a content type that is not available to that role (Create, Edit, Delete etc all unset), then the role can see content it in the content list, but cannot edit. They can publish/unpublish etc for Content Types where they have edit access. Anyone see otherwise?

'Administer Content' description

wturrell commented 25 January 2017 at 19:24

I've got an issue on rewriting the text for that on /admin/people/permissions open here...

Drupal 8 list

FiNeX commented 30 June 2017 at 13:43

Hi, would be possible to update this list for Drupal 8?

--
by FiNeX
FiNeX.org
Siti Web Vicenza

Drupal 8 Permission Names

mikereed commented 27 February 2020 at 19:36

I was able to find these by viewing the source of the permissions page while logged in as Administrator https://example.com/admin/people/permissions. The names appear in the name attribute of the input checkboxes:
<input class="rid-administrator js-rid-administrator form-checkbox" data-drupal-selector="edit-administrator-access-user-profiles" disabled="disabled" type="checkbox" id="edit-administrator-access-user-profiles" name="administrator[access user profiles]" value="1" checked="checked" />