Step 5: Asset permissions configuration

If you want to configure who can administer asset, create new asset types and etc, you should configure permissions. Permissions are applied to Roles. If you aren't already familiar with Drupal's Role based permissions, please read Users, roles and permissions.

Asset module provides following permissions:

Comparison of user edit protection modules

Many site admins wish to prevent users from changing certain attributes in their profile or other users' profiles (password, e-mail, username and custom profile fields). This table will attempt compare and contrast the modules available for this task. Note that in addition to these modules there is the "change own username" permission available in Drupal's core user module.

Securing file permissions and ownership for Drupal 7

The server file system should be configured so that the web server (e.g. Apache) does not have permission to edit or write the files which it then executes. That is, all of your files should be 'read only' for the Apache process, and owned with write permissions by a separate user.

Note that this whole article is about "defense in depth." Drupal can run quite safely with permissions a little "looser" than they should be. But if an administrator account is compromised by an attacker or an attacker gains the ability to execute arbitrary code then the configuration below will limit their ability to further exploit your site.

Users, roles and permissions

One of the great features of Drupal is the ability to control how and what people can access on your site. You can set permissions for these "users" to define who can do what for Drupal core features and contributed modules. For example, you probably won't want casual visitors to edit your homepage. However, the site owner or trusted user should be able to do so. To learn more about the term "user", learn about Differentiating the Four Different Kinds of "Users" Encountered When Installing Drupal.

Drupal allows you to setup any number of different kinds of users or 'Roles'. Many websites have editor and site administrator roles; editors to make content updates and site admins to install new modules and make larger configuration changes.

Out of the box, Drupal recognizes two types of site visitors - those who are logged in (or 'Authenticated' users) and those who are not (or 'Anonymous' users). The exception is the first user created (user/1) -see here. Although it is not necessary, many sites have additional levels of users.

Managing roles in Drupal 5.x and 6.x

To create or edit a role, click Administration > User management > Roles.
To create or edit a user, click Administration > User management > Users.

Subscribe with RSS Subscribe to RSS - permissions