Roles and Permissions

Drupal strives to offer fine-grained control over the access of content and the execution of actions. It is important that you, the site administrator, can decide exactly what each user is able to see and do on the site. To support this, all users are assigned roles and permissions. A role describes a profile or use case for a user or group of users. For example, you may have roles named Moderator, Editor, and Admin. Two roles are defined by Drupal by default:

• The Anonymous User role is assigned to any visitor to the site who either does not have an account or is not logged in.

• The Authenticated User role is assigned to logged-in users. Newly registered users are automatically assigned to this role.

You can see a list of roles by selecting administer> access control > roles (admin/access/ roles). To create a new role, type the name of the role into the text field and click Add Role. The new role will appear in the list. You can edit your new role as well, which allows you to change its name. Once you have defined a new role, it will be visible to administrators as a check box field in the list of roles on each user's account details page (user/uid/edit), as well as on the permissions page.

A role is not useful unless it has permissions assigned to it. To view the table of permissions and roles, navigate to administer> access control (admin/access). This page lists all of the available permissions (rows) and the roles to which they are assigned (columns). Permissions are typically formulated as actions describing what they allow. For example, the Post Comments Without Approval permission, if granted, allows the comments posted by a user to appear immediately on the site, without further moderation. Otherwise, the comments need to be approved by someone who has the Moderate Comments permission.

Since the Anonymous User role includes anyone who does not have an account or is not logged in, it should be given the fewest permissions. In the default Drupal installation, the Anonymous User role is granted only the Access Content permission. This guarantees that visitors to the site can read published blogs, stories, pages, and so on. The Anonymous User is not granted the Access Comments permission by default. If you would like anonymous visitors to read forum threads and other comments, you must explicitly grant them this right.

A user may have more than one role. A user's permissions are the set of all permissions from all roles he is in, so the administrator has the opportunity to define layers of access (and responsibility) in the form of many roles, each with a small but targeted set of permissions. You might decide that your forums, for example, should be visible to anyone who visits the site. You would then grant the Anonymous User role the Access Comments permission, as forums are made up of many comments. If you decide that normal registered users should be allowed to post comments and you don't want to bother with reading each comment and approving it, you would grant the Authenticated User role the Post Comments Without Approval permission.

0 0

Post a comment