If you want to give some users access to different areas of your site, the ability to moderate comments, or create new content, you will need to set more selective permissions. Jeff Traynor has written a great article on Approaches to Access Control, but this tutorial will just focus on Drupal's default only.
Go to Administer > User Management > Roles and create a new role just like in the Configure Your Website tutorial.
Next go to Administer > User Management > Access control (or Permissions)., with the list of permissions and check boxes for each role you have defined; screenshot. Typically, you'll need to visit this page each time you install a new module to grant access to non-super users1. You can get an idea about what permissions do for each module by looking it up in Core modules.
The following lists describes the function of default module permissions. This list not complete! Please help if you can.
block module
- administer blocks
- allows use to access the administer blocks page Administer > Site Building > Blocks.
- use PHP for block visibility
- allows user to enter PHP code between
<?php ?>
under "Page specific visibility settings"
comment module
- access comments
- allow user to see and read comments
- administer comments
- allow user to remove? comments
- post comments
- allow user to post comments
- post comments without approval
- what it says
filter module
- administer filters
- allows user to access the Input formats page where one can define how user-supplied text is processed.
Administer > Site configuration > Input formats
menu module
- administer menu
- allows use to access the administer menus page Administer > Site Building > Menus.
node module2
- access content
- Allows the user to view content. This should be enabled for all users, unless you want a private site.
- administer content types
- Allows the user to edit and add content types at /admin/content/types.
- administer nodes
- Allows the user to create, edit, and delete nodes of all types. This overrides all the create/edit own/edit options for specific content types below. This also exposes the 'Publishing options' section when editing nodes, allowing users to promote content to the front page, publish and unpublish, make sticky, and create new revisions.
- create [TYPE] content
- Allows the user to create content of this type. This permission exists for page and story and each additional content type defined on the site. Overridden by the 'administer nodes' permission.
- edit own [TYPE] content
- Allows the user to edit content of this type that they have created. This permission exists for page and story and each additional content type defined on the site. Overridden by the 'administer nodes' permission.
- edit [TYPE] content
- Allows the user to edit all content of this type. This permission exists for page and story and each additional content type defined on the site. Overridden by the 'administer nodes' permission.
- revert revisions
- view revisions
- This obviously has to do with the "Log Message" field when creating or editing content. However, checking this doesn't seem to make these revisions display.
system module2
- access administration pages
- allows users access to the admin path
- administer site configuration
- allows users to access the site configuration area of the admin panel
- select different theme
- allows users to change the theme from their profile.
taxonomy module
- administer taxonomy
- allows use to access the Categories page Administer > Content management > Categories.
user module2
- access user profiles
- Can see user profiles; users without this set don't see links on user names.
- administer access control
- Get the admin menu items Access control, Access rules, Roles added to navigation and able to make changes there.
- administer users
- Get the admin menu item Users -- can list all users, activate accounts, but NOT set roles.
- change own username
- what it says on the tin
Non Default Modules (at least not in 5.7 6-Feb-08)
path module2
- administer url aliases
- allows users the ability to administer the url aliases (modify, add, remove)
- create url aliases
- allows users to create url aliases
1Jeff Traynor, http://www.jefftraynor.org/node/96 paragraph 2.
2Copied from Access Permissions reference
Comments
Four Types of Access Control
This topic is extremely significant to the user community and Traynor's writeup on the four different types of access control configurations; Basic, Content Type, Taxonomy and Group should be expanded, added to this thread on Drupal.org and all references to modules for download sourced through the Drupal.org site. It looks like several of the links are broken on Traynor's site and the integrity of the links should be maintained through Drupal.org. Traynor's documentation is a good start and I look forward to learning more about Organic Group-based access control.