Access to functionality and content - What site visitors and registered users may see and do on your Drupal Gardens website is determined by one or more user roles and the permissions assigned to those roles.
User roles
User roles are controlled on the Roles page at People > Permissions tab, "Roles" link.
Drupal Gardens comes with four standard roles (anonymous, authenticated, site maintainer and administrator) and more can be added to suit your needs and workflow.
Typical custom user roles include: editor, author, themer, content creator, site manager, moderator and so on.
Users may be assigned any number of roles, and they possess the sum of all permissions (see below) of all roles assigned to them.
Standard user roles
- Anonymous - All site visitors not logged into your site have this role. The permissions assigned to "Anonymous" determine what they can see and do on your site. Give this role as few permissions as possible while still allowing these visitors to, for example, access content, leave comments and use your contact form.
- Authenticated - All site visitors who are registered users on your site and logged in have this role.
- Administrator - This is a special "super-user" role. It is always assigned every permission for every module that is enabled. Administrators have full access to all available functionality on your site. Only assign this role to other users whom you trust implicitly.
- Site maintainer - This role is equivalent to the Drupal-standard "Administrator" role as long as your site is running in Drupal Gardens. If you export your site and install it outside of Drupal Gardens, the Drupal-default "Administrator" role will continue to receive all permissions, but the Drupal-Gardens-specific "Site maintainer" role will no longer do so.
Add or remove user roles
1. Add or remove a single user's user roles on the edit tab of their user profile (click their "edit" link on the People page).
2. Add or remove a group of users' user roles (or a single user's roles) on the People page:
- Sort/filter the list to display the users in question.
- Select their checkbox(es).
- Select the role in question from the "Add a role to the selected users" or the "Remove a role from the selected users" sections of the "Update options" drop-down.
- Click "Update"
User permissions
User permissions are controlled on the page at People > Permissions tab, "Permissions" link.
Drupal Gardens comes with a set of core access permissions. Most optional modules also add permissions to this page when they are enabled.
Assign permissions to user roles by selecting their checkboxes in the appropriate roles' columns.
Edit permissions for a single role - If you have a lot of roles on your website, the "edit permissions" link next to each role on the user roles page is a convenient way of changing the permissions. The link leads to a page where only the chosen role is listed.
Important:
- SECURITY - Many of the permission settings have serious security implications. Check each one carefully and only give sensitive and security-relevant permissions to users you trust. It is generally considered sensible to maintain as restrictive a set of permissions as possible that still allows your site to function as you intend.
- Permissions are cumulative - Users assigned multiple roles will have all of the permissions included in any of their roles. For example, all logged in users have all permissions assigned to the "Authenticated" user role. Permissions define what users are permitted to do, not what they are forbidden to do.
- Site maintainer and Administrator roles are always assigned all permissions available on your site while it is in Drupal Gardens. If you export your site and install it outside of Drupal Gardens, the Drupal-default "Administrator" role will continue to receive all permissions, but the Drupal-Gardens-specific "Site maintainer" role will no longer do so.
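The rules above can be checked with a small model. The following Python sketch is an added example, not Drupal or Drupal Gardens code: it computes a user's effective permissions as the union of all roles held and lists every role that grants a given permission, which is what has to be reviewed before that permission is really withdrawn. Role names come from this page; the permission sets, the function names, and the stored "site maintainer" set used after export are constructed assumptions.

```python
# Added illustration of the cumulative-permission rules; not Drupal code.
# Role names are from the page; the permission sets are constructed samples.
ALL_PERMISSIONS = {
    "view comments", "post comments without approval",
    "create new blog entry content", "edit own blog entry content",
    "administer permissions",
}
ROLE_PERMISSIONS = {
    "anonymous": {"view comments"},
    "authenticated": {"view comments", "post comments without approval"},
    "blogger": {"create new blog entry content", "edit own blog entry content"},
    # Assumed stored set that remains once the role stops receiving everything.
    "site maintainer": {"view comments", "administer permissions"},
}


def held_roles(assigned, logged_in=True):
    """Logged-in users always hold "authenticated"; visitors hold only "anonymous"."""
    return (set(assigned) | {"authenticated"}) if logged_in else {"anonymous"}


def all_granting_roles(in_gardens):
    """Roles that receive every permission: both in Gardens, one after export."""
    return {"administrator"} | ({"site maintainer"} if in_gardens else set())


def effective_permissions(assigned, in_gardens=True, logged_in=True):
    """Union of the permissions of every role held; nothing is ever subtracted."""
    roles = held_roles(assigned, logged_in)
    if roles & all_granting_roles(in_gardens):
        return set(ALL_PERMISSIONS)
    perms = set()
    for role in roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def roles_granting(assigned, permission, in_gardens=True, logged_in=True):
    """Every held role through which the user receives `permission`."""
    grants_all = all_granting_roles(in_gardens)
    return sorted(
        role for role in held_roles(assigned, logged_in)
        if role in grants_all or permission in ROLE_PERMISSIONS.get(role, set())
    )
```

A permission returned by more than one role in `roles_granting` stays in effect until it is removed from each of them, or the user is removed from those roles.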
Create custom user roles and assign them permissions
Overview:
- Name the new role in the text-entry box at the bottom of the user roles list.
- Click "Add role"
- Configure the role's permissions
Example: create a "blogger" role for guest authors on your site.
- Name the new role - Enter "blogger" in the available text field
- Click "Add role"
- Click "Edit permissions" for the newly created role.
- Assign permissions to the new role - Give the role a set of permissions like the following.
- Suggested permissions - (change as appropriate to your site, content types and workflow)
Note: Permissions are cumulative and all custom roles automatically have all permissions assigned to the "Authenticated" user role (to all logged in users). Any permissions you give to other roles are always in addition to those.
- Comment
  - View comments
  - Post comments without approval
  - Edit own comments
- Comment Notify
  - Subscribe to comment notifications
- Node
  - View content revisions
  - Create new Blog entry content
  - Edit own Blog entry content
  - Delete own Blog entry content
  - Create new Poll content
  - Edit own Poll content
  - Delete own Poll content
- Poll
  - Vote on polls
  - View voting results
- Statistics
  - View content access statistics
  - View content hits
- Comment