Index: includes/bootstrap.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/bootstrap.inc,v
retrieving revision 1.225
diff -u -r1.225 bootstrap.inc
--- includes/bootstrap.inc	15 Sep 2008 15:18:59 -0000	1.225
+++ includes/bootstrap.inc	17 Sep 2008 14:01:13 -0000
@@ -149,7 +149,12 @@
 /**
  * Role ID for anonymous users; should match what's in the "role" table.
  */
-define('DRUPAL_ANONYMOUS_RID', 1);
+define('DRUPAL_ANONYMOUS_RID', 0);
+
+/**
+ * Role ID for administrative superusers; should match what's in the "role" table.
+ */
+define('DRUPAL_ADMINISTRATOR_RID', 1);
 
 /**
  * Role ID for authenticated users; should match what's in the "role" table.

Index: modules/system/system.install
===================================================================
RCS file: /cvs/drupal/drupal/modules/system/system.install,v
retrieving revision 1.264
diff -u -r1.264 system.install
--- modules/system/system.install	15 Sep 2008 09:28:50 -0000	1.264
+++ modules/system/system.install	17 Sep 2008 14:11:14 -0000
@@ -380,10 +380,36 @@
 
   // Built-in roles.
   db_query("INSERT INTO {role} (name) VALUES ('%s')", 'anonymous user');
+  db_query("INSERT INTO {role} (name) VALUES ('%s')", 'administrator');
   db_query("INSERT INTO {role} (name) VALUES ('%s')", 'authenticated user');
+  // Same obstacle to overcome as the user id's above. Bump each rid down by one,
+  // resulting in 'anon' being rid0, administrator as rid1, and 'authenticated'
+  // being rid2.
+  db_query("UPDATE {role} SET rid = rid - 1");
+  // Now close the hole by changing the increment value to be 3, instead of 4.
+  db_query("ALTER TABLE {role} AUTO_INCREMENT = 3");
 
   // Anonymous role permissions.
+  db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 0, 'access content');
+  
+  // Administrator role permissions.
+  db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 1, 'administer blocks');
+  db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 1, 'access comments');
+  db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 1, 'administer comments');
+  db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 1, 'post comments');
+  db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 1, 'post comments without approval');
+  db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 1, 'administer filters');
+  db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 1, 'administer menu');
   db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 1, 'access content');
+  db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 1, 'administer content types');
+  db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 1, 'administer nodes');
+  db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 1, 'access administration pages');
+  db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 1, 'administer site configuration');
+  db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 1, 'select different theme');
+  db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 1, 'administer taxonomy');
+  db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 1, 'access user profiles');
+  db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 1, 'administer permissions');
+  db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 1, 'administer users');
 
   // Authenticated role permissions.
   db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 2, 'access comments');
@@ -3048,6 +3074,40 @@
   return $ret;
 }
 
+/**   * Add a third default role called 'administrator'.
+ */
+function system_update_7011() {
+  // Add the new role at position x.
+  db_query("INSERT INTO {role} (name) VALUES ('%s')", 'administrator');
+  // Change the rid of anonymous from 1 to 0, leaving a hole at position 1.
+  db_query("UPDATE {role} SET rid = rid - 1 WHERE (name) = ('%s')", 'anonymous user');
+  // Move the newly created Administrator role into position 1.
+  db_query("UPDATE {role} SET rid = 1 WHERE (name) = ('%s')", 'administrator');
+  // Now close the hole by resetting increment value to one less than it is now.
+  if ($GLOBALS['db_type'] == 'mysql' || $GLOBALS['db_type'] == 'mysqli') {
+    db_query("ALTER TABLE {role} AUTO_INCREMENT = AUTO_INCREMENT - 1");
+  }
+  
+  // Administrator role permissions.
+  db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 1, 'administer blocks');
+  db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 1, 'access comments');
+  db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 1, 'administer comments');
+  db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 1, 'post comments');
+  db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 1, 'post comments without approval');
+  db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 1, 'administer filters');
+  db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 1, 'administer menu');
+  db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 1, 'access content');
+  db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 1, 'administer content types');
+  db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 1, 'administer nodes');
+  db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 1, 'access administration pages');
+  db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 1, 'administer site configuration');
+  db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 1, 'select different theme');
+  db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 1, 'administer taxonomy');
+  db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 1, 'access user profiles');
+  db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 1, 'administer permissions');
+  db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 1, 'administer users');
+}
+
 /**
  * @} End of "defgroup updates-6.x-to-7.x"
  * The next series of updates should start at 8000.

Index: modules/user/user.admin.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.admin.inc,v
retrieving revision 1.25
diff -u -r1.25 user.admin.inc
--- modules/user/user.admin.inc	6 Sep 2008 08:36:22 -0000	1.25
+++ modules/user/user.admin.inc	17 Sep 2008 14:01:13 -0000
@@ -493,7 +493,6 @@
  * @see theme_user_admin_perm()
  */
 function user_admin_perm($form_state, $rid = NULL) {
-
   // Retrieve role names for columns.
   $role_names = user_roles();
   if (is_numeric($rid)) {
@@ -758,7 +757,7 @@
   $header = array(t('Name'), array('data' => t('Operations'), 'colspan' => 2));
   foreach (user_roles() as $rid => $name) {
     $edit_permissions = l(t('edit permissions'), 'admin/user/permissions/' . $rid);
-    if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) {
+    if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_ADMINISTRATOR_RID, DRUPAL_AUTHENTICATED_RID))) {
       $rows[] = array($name, l(t('edit role'), 'admin/user/roles/edit/' . $rid), $edit_permissions);
     }
     else {

Index: modules/user/user.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.module,v
retrieving revision 1.921
diff -u -r1.921 user.module
--- modules/user/user.module	15 Sep 2008 15:18:59 -0000	1.921
+++ modules/user/user.module	17 Sep 2008 14:16:17 -0000
@@ -1674,17 +1674,21 @@
 
   while ($role = db_fetch_object($result)) {
     switch ($role->rid) {
-      // We only translate the built in role names
+      // Only allow string translation of the three built-in role names.
       case DRUPAL_ANONYMOUS_RID:
         if (!$membersonly) {
           $roles[$role->rid] = t($role->name);
         }
         break;
-      case DRUPAL_AUTHENTICATED_RID:
+      case DRUPAL_ADMINISTRATOR_RID:
+        $roles[$role->rid] = t($role->name);
+        break;
+	  case DRUPAL_AUTHENTICATED_RID:
         $roles[$role->rid] = t($role->name);
         break;
       default:
         $roles[$role->rid] = $role->name;
+		// No break here.
     }
   }
 
@@ -1855,8 +1859,8 @@
 
   switch ($path) {
     case 'admin/help#user':
-      $output = '<p>' . t('The user module allows users to register, login, and log out. Users benefit from being able to sign on because it associates content they create with their account and allows various permissions to be set for their roles. The user module supports user roles which establish fine grained permissions allowing each role to do only what the administrator wants them to. Each user is assigned to one or more roles. By default there are two roles <em>anonymous</em> - a user who has not logged in, and <em>authenticated</em> a user who has signed up and who has been authorized.') . '</p>';
-      $output .= '<p>' . t("Users can use their own name or handle and can specify personal configuration settings through their individual <em>My account</em> page. Users must authenticate by supplying a local username and password or through their OpenID, an optional and secure method for logging into many websites with a single username and password. In some configurations, users may authenticate using a username and password from another Drupal site, or through some other site-specific mechanism.") . '</p>';
+      $output = '<p>' . t('The user module allows people to register, login, and log out of the site. Users benefit from being able to login because it allows them to post content and comments under their own name. Administrators benefit from having logged-in users because they can create roles for different groups of users and then establish various permissions for those roles. Each user can then be assigned to one or more roles. By default there are three roles: <em>anonymous</em> &mdash; a person who is not logged in, <em>authenticated</em> &mdash; a user who has both signed up for an account and who is currently logged in, and <em>administrator</em> &mdash; one who has been granted permissions to configure and maintain the site.') . '</p>';
+      $output .= '<p>' . t('Users can choose their own name or handle and can specify personal configuration settings through their individual <em>My account</em> page. Users must authenticate by supplying a local username and password or through their OpenID, an optional and secure method for logging into many websites with a single username and password. In some configurations, users may authenticate using a username and password from another Drupal site, or through some other site-specific mechanism.') . '</p>';
       $output .= '<p>' . t('A visitor accessing your website is assigned a unique ID, or session ID, which is stored in a cookie. The cookie does not contain personal information, but acts as a key to retrieve information from your site. Users should have cookies enabled in their web browser when using your site.') . '</p>';
       $output .= '<p>' . t('For more information, see the online handbook entry for <a href="@user">User module</a>.', array('@user' => 'http://drupal.org/handbook/modules/user/')) . '</p>';
       return $output;
@@ -1866,13 +1870,17 @@
     case 'admin/user/user/account/create':
       return '<p>' . t("This web page allows administrators to register new users. Users' e-mail addresses and usernames must be unique.") . '</p>';
     case 'admin/user/permissions':
-      return '<p>' . t('Permissions let you control what users can do on your site. Each user role (defined on the <a href="@role">user roles page</a>) has its own set of permissions. For example, you could give users classified as "Administrators" permission to "administer nodes" but deny this power to ordinary, "authenticated" users. You can use permissions to reveal new features to privileged users (those with subscriptions, for example). Permissions also allow trusted users to share the administrative burden of running a busy site.', array('@role' => url('admin/user/roles'))) . '</p>';
-    case 'admin/user/roles':
-      return t('<p>Roles allow you to fine tune the security and administration of Drupal. A role defines a group of users that have certain privileges as defined in <a href="@permissions">user permissions</a>. Examples of roles include: anonymous user, authenticated user, moderator, administrator and so on. In this area you will define the <em>role names</em> of the various roles. To delete a role choose "edit".</p><p>By default, Drupal comes with two user roles:</p>
-      <ul>
-      <li>Anonymous user: this role is used for users that don\'t have a user account or that are not authenticated.</li>
-      <li>Authenticated user: this role is automatically granted to all logged in users.</li>
-      </ul>', array('@permissions' => url('admin/user/permissions')));
+      return '<p>' . t('The permissions system is very flexible, and lets you control what users can do on this site. Each defined Role listed across the top (and configured on the <a href="@role">user roles page</a>) has its own set of permissions. For example, you could give users classified as "administrators" permission to "administer comments" but deny this power to ordinary, "authenticated" users. You can use permissions to reveal new features to privileged users (those with subscriptions, for example). Permissions also allow trusted users to share the administrative burden of running a busy site.', array('@role' => url('admin/user/roles'))) . '</p>';
+   case 'admin/user/roles':
+      $output = '<p>' . t('Roles allow you to fine tune the security and administration of Drupal. A role defines a group of users that are granted certain privileges in the <a href="@permissions">user permissions</a> section. Examples of common roles include: anonymous user, administrator, authenticated user, editor, moderator, content contributor, and so on.', array('@permissions' => url('admin/user/permissions'))) . '</p>';
+      $output .= '<p>' . t('By default, Drupal comes with three roles:') . '</p>';
+      $output .= '<ul>';
+      $output .= '<li>' . t('<strong>Anonymous user:</strong> This role is given to users that don\'t have a user account or that are not authenticated.') . '</li>';
+      $output .= '<li>' . t('<strong>Administrator:</strong> This powerful role allows certain respected people to perform most of the sitewide administrative tasks, including content administration and user administration. Use caution when assigning this role to other users, because it has the potential to allow them to delete content, users, and alter the security restrictions assigned to other roles.') . '</li>';
+      $output .= '<li>' . t('<strong>Authenticated user:</strong> This role is automatically granted to all logged-in users.') . '</li>';
+      $output .= '</p>' . t('To delete a role, use the \'edit role\' link.') . '</p>';
+      $output .= '</ul>';
+      return $output;
     case 'admin/user/search':
       return '<p>' . t('Enter a simple pattern ("*" may be used as a wildcard match) to search for a username or e-mail address. For example, one may search for "br" and Drupal might return "brian", "brad", and "brenda@example.com".') . '</p>';
   }