Managing access control with permissions and user roles

Last modified: December 18, 2006 - 19:28

Roles are a way of assigning specific permissions to a group of users; they allow you to fine-tune the security, use and administration of Drupal. Users assigned to a role are granted the permissions assigned to that role. Common examples of roles include: anonymous user, authenticated user, moderator, and administrator.

By default, Drupal automatically defines two roles as a part of site installation:

  • anonymous user -- readers of the site who either do not have an account or are not logged in.
  • authenticated user -- the role assigned to new accounts on a Drupal site.

The anonymous user role should typically have the least access to the site of all roles. Authenticated users, because they took the time to register, might be given more permissions, such as the ability to create some types of content. If administrator approval is required for new users, or if they match certain criteria (such as having a company email address), you may be able to grant them more permissions on that basis.

The first Drupal account created on a new installation, sometimes referred to as the "root user", always has full permissions for all Drupal activities, including administration and content creation, editing and removal.

More trusted users might be granted special privileges through an administrator-created role, and must be manually added to that role through the user administration interface. To create new roles:

  1. Click administer >> access control >> roles tab.
  2. Enter a label for the new role in the available text field at the bottom of the current list of roles.
  3. Once you've added the role, select the permissions tab.
  4. Your new role will be listed as a new column in the permission matrix. Grant permissions to the new role.
  5. To add users to this role you will need to edit individual user accounts. Click administer >> users and the edit link for the user you wish to add to the role. Then you can add this user to your new role under the Roles section of the user edit page.

Note: Although all roles you create yourself receive any permissions you give to authenticated users automatically, neither roles you create yourself nor the authenticated user role receives permissions given to anonymous users. If you check any of the permissions boxes for anonymous users in the access control page, you should almost always also check the equivalent box for authenticated users to avoid odd site behavior.
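The inheritance rule in the note above, worked through as an added example (a simplified model written for this page, not Drupal's own code). The role "moderator", the permission strings and the matrix contents are constructed sample data, and "full permissions" for the first account is approximated as every permission that appears in the matrix.

```python
# Simplified model of the role rules described on this page.
# Not Drupal code; role names and permission strings are constructed samples.

ANONYMOUS = "anonymous user"
AUTHENTICATED = "authenticated user"

# Constructed permission matrix: role -> boxes ticked for that role.
MATRIX = {
    ANONYMOUS: {"access content", "access comments", "search content"},
    AUTHENTICATED: {"access content", "post comments"},
    "moderator": {"administer comments"},
}


def effective_permissions(matrix, assigned_roles, logged_in=True, first_account=False):
    """Return the set of permissions a visitor ends up with."""
    if first_account:
        # Assumption: "full permissions" modelled as every permission in the matrix.
        return set().union(*matrix.values())
    if not logged_in:
        return set(matrix.get(ANONYMOUS, set()))
    # Logged in: authenticated-user permissions plus each assigned role.
    # Anonymous permissions are never inherited.
    perms = set(matrix.get(AUTHENTICATED, set()))
    for role in assigned_roles:
        if role != ANONYMOUS:
            perms |= matrix.get(role, set())
    return perms


def anonymous_only_grants(matrix):
    """Permissions ticked for anonymous users but not for authenticated users."""
    return sorted(matrix.get(ANONYMOUS, set()) - matrix.get(AUTHENTICATED, set()))


def lost_on_login(matrix, assigned_roles):
    """Permissions a visitor holds while logged out but loses after logging in."""
    before = effective_permissions(matrix, [], logged_in=False)
    after = effective_permissions(matrix, assigned_roles)
    return sorted(before - after)


if __name__ == "__main__":
    print("anonymous-only grants:", anonymous_only_grants(MATRIX))
    print("moderator loses on login:", lost_on_login(MATRIX, ["moderator"]))
```

Any permission reported by anonymous_only_grants is a box to review on the access control page: either tick it for authenticated users as well, or confirm that the difference is intended.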

 
 
