User roles and permissions

Last updated on
25 June 2020

Basic user roles

The basic role progression a user on Drupal.org is going through is as follows:

Anonymous user -> Email Unverified user -> Authenticated user -> Confirmed user -> Community user

These roles are normally granted permanently. They are synced across all *.d.o sites.

Anonymous user

Is a default role. People who have no accounts on the site can:

  • view content (published content and comments, news feeds, project usage, confirmed user profiles),
  • use search,
  • access Drupal.org API,
  • clone code via git.

Email unverified user

These are the users who registered an account, but haven't verified their email address yet.

A system message is displayed on all pages to encourage these users to verify their email addresses. Profile pages of these users are not visible to anonymous users and therefore search engines. All their form submissions are going through spam checks.

These users are able to create (and edit own) basic content:

  • forum posts

They also can:

  • view and manage own SSH keys,
  • view commit messages,
  • view printer friendly books,
  • cancel own user account,
  • edit own profile and change own username,
  • view content revisions,
  • view own unpublished content,
  • buy things:
    • tickets on Events.drupal.org,
    • job postings on Jobs.drupal.org.

Until their email is verified, users are not be able to get any further roles on Drupal.org.

Authenticated user

Users get this role once they verify their email address.

In addition to all permissions of the 'email unverified' role, authenticated users are able to:

  • get further roles on the site,
  • accept Git access agreement,
  • create Project pages,
  • edit any Book page,
  • comment and edit own comments,
  • create Issues and edit any issue,
  • add multiple emails to their user profiles.

Their profile is still not visible for anonymous users, and form submissions are still checked for spam.

All users with 'Community' role can see that they are not yet confirmed and have the option to confirm them in comments or on their profile page.

Confirmed user

This role is granted manually to authenticated users. Currently we also automatically grant the role based on the amount of content submissions. This will be turned off soon.

Once a user has this role, their form submissions are not checked for spam anymore. Their profile is visible to anonymous users.

In addition to all permissions from previous roles, they also are able to:

  • create (and edit) additional types of content:
    • case studies (create and edit own),
    • organization pages (create, edit and delete own),
    • book listings (unpublished, per current process there),
    • book pages (create and edit any),
    • change records (create and edit any).
  • add content to Books,
  • use other users' personal contact forms,
  • use site wide contact form,
  • use two-factor authentication on their user accounts,
  • request PIFT re-test file.

Community user

These are the users who have been around long enough and have enough community participation, so that they are trusted to give 'Confirmed user' role to other people.

A user gets 'Community user' role automatically once they:

  • have 'Confirmed user' role,
  • have registered more than 3 months ago,
  • reach certain amount of community participation.

Upon getting the role, user receives welcoming email, which explains what are the additional things they can do from now on Drupal.org.

In addition to all permissions of 'Confirmed user', they can

  • see ‘New’ indicator on user profiles, posts and comments of users who have ‘Authenticated user’ role, but don’t have ‘Confirmed user’ role,
  • give those users ‘Confirmed user’ role.

Advanced user roles

For information about the advanced user roles see the policy page.

Help improve this page

Page status: No known problems

You can: