As explained in #961682: "Does the role delegation module supersede this module?", RoleAssign has its niche for small sites where Role Delegation is overkill.

I have received ownership of RoleAssign and will continue to maintain it, because I need it for my sites. There's a beta version for D7 available.

Comments

Andrew Schulman

Status: Active » Needs review

OK, done. Please see if the revised page is to your satisfaction, and consider adding a link to Role Delegation on the RoleAssign page.

I've never looked at RoleAssign before, but now that I look at it, it and Role Delegation are really very similar. IIUC, the main difference is that RoleAssign provides only the "assign all roles" permission, while Role Delegation provides that and the individual role assignment permissions. Beyond that there are probably minor differences; for example, Role Delegation now provides bulk role assignment operations, and I don't know if RoleAssign adds role assignment operations to user profiles, as Role Delegation does. There may be others.

Should Role Delegation and RoleAssign be combined? What if there were a configuration setting for whether to provide the individual role assignment permissions? By adding just that one setting, the functionality of both modules could be wrapped into one.

salvis

Status: Needs review » Needs work

Thank you so far, but the description of RoleAssign is not correct yet. RoleAssign provides one Assign roles permission and the system administrator defines the set of roles that are available under that permission — it's NOT all roles, as you wrote.

This approach is different from the one in Role Delegation, and both have their merits, depending on how a site is organized. One of my sites has 30 roles (think 30 permissions burdening the Permissions page, 900 role/permission pairs to administer!) but only one Webmaster role and one user holding that role. I don't want him to appoint additional webmasters without my knowing, so I've unchecked the Webmaster role on the list of roles that are available for assignment.

I've added an RD link to RA's front page. Please take a look and let me know whether that works for you.

No, I don't think the two modules should be merged. RA's approach is very simple and straightforward; it's focused and maintainable. RD's approach makes my head spin. To make it only somewhat controllable you'd have to list the transitive closure of reachable assign permissions for each assign permission. Combine that with users having multiple roles and roles having multiple assign permissions, and it becomes very, very hard to tell which permissions any given user can obtain if he keeps assigning himself all roles as they become available. This makes RD administration and auditing downright daunting. I would never want to use RD unless I absolutely had to, and I'd probably try to run RA for the security-relevant roles anyway, but this still wouldn't solve the problem of keeping track of all those checkboxes. It probably wouldn't work either...
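The transitive-closure audit mentioned in the comment above, as an added example that is not part of the original thread and not code from either module. It assumes per-role "assign" permissions can be modelled as a directed graph from a role to the roles it may assign; the role names, users and the `ASSIGN_PERMS` mapping are constructed sample data.

```python
from collections import deque

# Constructed sample data (assumption, not from any real site): for each role,
# the roles for which it holds an individual "assign <role>" permission.
ASSIGN_PERMS = {
    "editor": {"moderator"},
    "moderator": {"forum admin"},
    "forum admin": {"webmaster"},
    "webmaster": {"editor", "moderator", "forum admin", "webmaster"},
    "member": set(),
}
USERS = {"alice": {"editor"}, "bob": {"member"}}  # constructed


def reachable_roles(start_roles, assign_perms):
    """Return {role: path} for every role a user can end up holding by
    repeatedly self-assigning each role as it becomes available (BFS, so
    each path is a shortest escalation chain)."""
    start = sorted(start_roles)
    paths = {r: [r] for r in start}
    queue = deque(start)
    while queue:
        role = queue.popleft()
        for target in sorted(assign_perms.get(role, ())):
            if target not in paths:
                paths[target] = paths[role] + [target]
                queue.append(target)
    return paths


def audit(users, assign_perms, sensitive):
    """List (user, role, path) for each sensitive role a user does not hold
    today but can reach through chained assign permissions."""
    findings = []
    for user, roles in sorted(users.items()):
        paths = reachable_roles(roles, assign_perms)
        for role in sorted(sensitive):
            if role in paths and role not in roles:
                findings.append((user, role, paths[role]))
    return findings


if __name__ == "__main__":
    for user, role, path in audit(USERS, ASSIGN_PERMS, {"webmaster"}):
        print(f"{user} can reach {role!r} via {' -> '.join(path)}")
```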

Andrew Schulman

Assigned: Unassigned » Andrew Schulman
Status: Needs work » Fixed

OK, done. Thanks for the explanation.

salvis

Thanks

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.