Last updated September 16, 2010. Created by tamlin on February 6, 2008.
Edited by ldekay, figaro, sepeck. Log in to edit this page.

If you want to give some users access to different areas of your site, the ability to moderate comments, or create new content, you will need to set more selective permissions. Jeff Traynor has written a great article on Approaches to Access Control, but this tutorial will just focus on Drupal's default only.

Go to Administer > User Management > Roles and create a new role just like in the Configure Your Website tutorial.

Next go to Administer > User Management > Access control (or Permissions)., with the list of permissions and check boxes for each role you have defined; screenshot. Typically, you'll need to visit this page each time you install a new module to grant access to non-super users1. You can get an idea about what permissions do for each module by looking it up in Core modules.

The following lists describes the function of default module permissions. This list not complete! Please help if you can.

block module

administer blocks
allows use to access the administer blocks page Administer > Site Building > Blocks.
use PHP for block visibility
allows user to enter PHP code between <?php ?> under "Page specific visibility settings"

comment module

access comments
allow user to see and read comments
administer comments
allow user to remove? comments
post comments
allow user to post comments
post comments without approval
what it says

filter module

administer filters
allows user to access the Input formats page where one can define how user-supplied text is processed.
Administer > Site configuration > Input formats

menu module

administer menu
allows use to access the administer menus page Administer > Site Building > Menus.

node module2

access content
Allows the user to view content. This should be enabled for all users, unless you want a private site.
administer content types
Allows the user to edit and add content types at /admin/content/types.
administer nodes
Allows the user to create, edit, and delete nodes of all types. This overrides all the create/edit own/edit options for specific content types below. This also exposes the 'Publishing options' section when editing nodes, allowing users to promote content to the front page, publish and unpublish, make sticky, and create new revisions.
create [TYPE] content
Allows the user to create content of this type. This permission exists for page and story and each additional content type defined on the site. Overridden by the 'administer nodes' permission.
edit own [TYPE] content
Allows the user to edit content of this type that they have created. This permission exists for page and story and each additional content type defined on the site. Overridden by the 'administer nodes' permission.
edit [TYPE] content
Allows the user to edit all content of this type. This permission exists for page and story and each additional content type defined on the site. Overridden by the 'administer nodes' permission.
revert revisions
view revisions
This obviously has to do with the "Log Message" field when creating or editing content. However, checking this doesn't seem to make these revisions display.

system module2

access administration pages
allows users access to the admin path
administer site configuration
allows users to access the site configuration area of the admin panel
select different theme
allows users to change the theme from their profile.

taxonomy module

administer taxonomy
allows use to access the Categories page Administer > Content management > Categories.

user module2

access user profiles
Can see user profiles; users without this set don't see links on user names.
administer access control
Get the admin menu items Access control, Access rules, Roles added to navigation and able to make changes there.
administer users
Get the admin menu item Users -- can list all users, activate accounts, but NOT set roles.
change own username
what it says on the tin

Non Default Modules (at least not in 5.7 6-Feb-08)

path module2

administer url aliases
allows users the ability to administer the url aliases (modify, add, remove)
create url aliases
allows users to create url aliases

1Jeff Traynor, http://www.jefftraynor.org/node/96 paragraph 2.
2Copied from Access Permissions reference

Looking for support? Visit the Drupal.org forums, or join #drupal-support in IRC.

Comments

This topic is extremely significant to the user community and Traynor's writeup on the four different types of access control configurations; Basic, Content Type, Taxonomy and Group should be expanded, added to this thread on Drupal.org and all references to modules for download sourced through the Drupal.org site. It looks like several of the links are broken on Traynor's site and the integrity of the links should be maintained through Drupal.org. Traynor's documentation is a good start and I look forward to learning more about Organic Group-based access control.