Last updated August 26, 2014. Created on February 19, 2007.
Edited by dobie_gillis, nflowers1228, flip, skessler. Log in to edit this page.

One of the great features of Drupal is the ability to control how and what people can access on your site. You can set permissions for these "users" to define who can do what for Drupal core features and contributed modules. For example, you probably won't want casual visitors to edit your homepage. However, the site owner or trusted user should be able to do so. To learn more about the term "user", learn about Differentiating the Four Different Kinds of "Users" Encountered When Installing Drupal.

Drupal allows you to setup any number of different kinds of users or 'Roles'. Many websites have editor and site administrator roles; editors to make content updates and site admins to install new modules and make larger configuration changes.

Out of the box, Drupal recognizes two types of site visitors - those who are logged in (or 'Authenticated' users) and those who are not (or 'Anonymous' users). The exception is the first user created (user/1) -see here. Although it is not necessary, many sites have additional levels of users.

Managing roles in Drupal 5.x and 6.x

To create or edit a role, click Administration > User management > Roles.
To create or edit a user, click Administration > User management > Users.
To specify the permissions for a role, click Administration > User management > Permissions.

To add editors to your site, you will first need to create an editor role. Click Administration > User management > Roles. Type in the name of your new role (e.g. 'editor') and click 'Add role'.

To add a new 'editor' user, go to Administration > User management > Users and click the 'Add User' tab. After typing the username and email address, enable the 'editor' checkbox and click 'Create new account'.

Finally, you can configure permissions for editors at Administration > User management > Permissions. To give editors the ability to edit any page within the site, scroll down the permissions page and click the checkbox next to 'edit any page content'.

Managing roles in Drupal 7

To create (or edit) a role, navigate to the Roles Page People > Permissions tab > Roles tab . Like the example above, in 5.x and 6.x, Type in the name of your new role (e.g. 'editor') and click 'Add role'.

Adding 'editor' role

Having created the 'editor' role, now, create a user. Navigate to the People Page People and click '+ Add user'

Adding a new 'editor'

After typing the username and email address, enable the 'editor' role by selecting 'editor from roles and click 'Create new account'.

Be sure to select the 'editor' role

Finally, you can configure permissions for editors at People > Permissions tab. To give editors the ability to edit any page within the site, scroll down the permissions page and click the checkbox next to 'edit any' for each content type.

Set the 'edit any' permissions for the new 'editor' role

Looking for support? Visit the Drupal.org forums, or join #drupal-support in IRC.

Comments

mibstar’s picture

I'm having some issues with permissions and was wondering if there is a specific rule regarding precedence.

For example, if authenticated users have permissions to do more than say 'sample-role'. Which one will take precedence?

NancyDru’s picture

Essentially all permissions are merged into what the user experiences. So if a user is logged in as "sample-role" they get everything an "authenticated user" can do PLUS whatever "sample-role" allows. So if you want some users restricted from something, "authenticated user" should be the lowest level of permissions and other roles should increase their permissions.

ctrahey’s picture

Perhaps this document should include a quick reference to the special user #1, and an explanation of why/how that user is special. I think this would put the concept of "roles" in perspective, since the only user that a new reader is familiar with doesn't exactly fit in either of the two mentioned user types.

edit - modified document to mention user/1

captaingeek’s picture

any detail on what specific permissions do? like what does "display drupal links" do under Access control permssions?? It be nice to have a list with definitions.

NancyDru’s picture

The bad news: In D6, unless the maintainer makes a point of telling you, no there's not any way of knowing without digging into the module.

The good news: In D7, a developer can add a description to the permissions. It may take a while before most do though (hint: that's what issue queues are for).

sam.foster’s picture

Can anyone tell me if there is an upper limit on the number of user/roles?

Thanks

Sam

NancyDru’s picture

There is no design limit, but both could have some impact on performance, probably roles more than users.

axis42’s picture

Hi,
We changed our editorial policy which forced me to change permissions for the "blogger" role and take away their ability to "publish own blogpost content." However, one of our bloggers was able to publish something yesterday after I did make that change. I went and looked at user->permissions to confirm that I saved the changes and it shows that blogger does not have the ability to publish own blogpost content (or anything else for that matter).

Do I need to clear caches? Do I need to have the log out and log back in? Is there something else?

This is on Drupal 6.x

Thanks for the help
Charlie

www.sustainableindustries.com
(New Drupal-powered version under development)

NancyDru’s picture

The permission is checked when they begin the create content process. If they then wait (even hours), they still have already been granted permission. If you can confirm that they had a page build other than that after you changed the permissions, then you can open a core issue.

And it rarely hurts to clear caches when doing a significant admin action.

atschider’s picture

Drupal 7: I have a large list of organization members in an excel spreadsheet that I would like use to quickly upload to create user accounts on the Web site. is that doable? Their initial default password is their last name/first initial.

nitvirus’s picture

Feeds provide you with functionality of uploading users in csv files.

vsaroha’s picture

I created a new role 'non validated user'. The new role hierarchy is -

Anonymous user
authenticated user
non validated user -->> new role created by me
admin

Based on the comments in this discussion thread it seems that this role should inherit all permissions for authenticated user + some others (set for this role) . But i am observing that my role permissions are completely disconnected from authenticated user permissions i.e no matter what is set for authenticated user, i need to repeat the same for this role too. Is this correct or a bug?

Please note that another role created by me 'validated user' behaves as expected i.e its auth user permission + its own

I am on drupal version 7.18

Another observation is that on the /admin/people page I do not see the role 'non validated user' listed under the update option - "add a role to the selected users" while the second custom role is seen.

Is something wrong with the way i created the new role? Please help.

NancyDru’s picture

Roles are not hierarchical. Logged in (authenticated) users get whatever permissions you set. The "non validated user" will get whatever permissions are set for that role. If "non validated" users are logged in, then they should get both. That is, roles are additive.

vsaroha’s picture

thanks NancyDru.

Second part of the problem is I am not able to assign this new role to my users from the admin/people page, as I do not see the role 'non validated user' listed under the update option - "add a role to the selected users". I can see the other custom roles.

What am I missing here?

thanks in advance.
vsaroha

NancyDru’s picture

First, try clearing the cache. Then try adding it in the user edit page. If neither of those work, delete the role and re-add it.

basillic’s picture

This is typically the behavior of the "Non-authenticated" role with Login Toboggan :
* The "Non-authenticated" role is hidden from the user profile
* The "Non-authenticated" role is not checked with "Authenticated user" into admin/people/permissions.

brsnyder’s picture

Nancy, it seems like the questioner was saying non-validated user SHOULD get authenticated permissions plus non-validated permissions, but was not.

Based on the comments in this discussion thread it seems that this role should inherit all permissions for authenticated user + some others (set for this role) . But i am observing that my role permissions are completely disconnected from authenticated user permissions i.e no matter what is set for authenticated user, i need to repeat the same for this role too. Is this correct or a bug?

Your answer says "they should get both." What am I missing here?

Thanks.

NancyDru’s picture

This is one of those cases where I find it hard to debug without seeing it. I have certainly never seen a situation such as described. The fact that he cannot assign the role to a user kind of tells me that something is quite screwed up. I would probably delete the role and recreate it and see if that fixes everything.

Aver Atom’s picture

I'd like Drupal.org to enhance learning for site administration by pasting pictorial screenshots of the server section in addition to every detail in the Administrative guides. Thanks!

D8

frankblaze’s picture

I created a custom module and i want to create 2 roles (applicants & employers) and assign permissions automatically after installation of the module in druplal 7......Can someone pls help with the codes to create roles and permission in a custom module.
Tanx

paxitoza’s picture

Hi,

I have Drupal 7 installed and I would like to create 2 different type of users. One who can create/edit content without publishing it and one who can publish that particular content created/edited by the first user. Which of the check boxes do I use for both users?

aniket1792’s picture

Hi everyone, i am new to drupal , i had just edited the block and change the access of user login block .
I had provide access only to administrator. Now when i try to login now the login page is not appearing .
I also tried to open it directly by "http://localhost/drupal12/admin/login" URL, it showing me error as "Access Denied" .
Can anyone plz help me regarding this.

Thanking in Advance.
Aniket Kharade

NancyDru’s picture

When you are logged out, you are no longer admin but anonymous.

You can still login by "http://localhost/drupal12/user" -- that is actually the word "user" not your name or id.

aniket1792’s picture

So wht's the solution for it. ..Could you plz help me?

NancyDru’s picture

Simply put /user on the end of the URL and it will take you to the log in page.

aniket1792’s picture

I tried that too, but it is redirecting me to "Access Denied" page.
Is there any way from database?

Thanks in Advance

-issue’s picture

type
http://www.domain name.com/?q=user/login

shinethazhava’s picture

In my project there is one type of user with permission. The user can only add custom article. After user login
User can acess the add content link from navigation side bar. the problem is where user get own article list

thanks

NancyDru’s picture

You will probably have to write a View to show the content for that user. Or you might see if the core Tracker module does what you need.

EDIT: Just found Content Tab module.

shinethazhava’s picture

I need just like this

Thanks

NancyDru’s picture

This is very basic code to add to a module. If you want a pager, I suggest learning Views.

<?php
 
global $user;
 
$table = array(
   
'header' => array(),
   
'rows' => array(),
   
'attributes' => array('id' => 'my-content-list'),
   
'empty' => t('You have not created any content yet.'),
    );
 
$types = node_type_get_names();
 
$results = db_query("SELECT type, status, title, nid FROM {node} WHERE uid = :me", array(':me' => $user->uid));
  foreach (
$results as $row) {
   
$table['rows'][] = array(
     
l($row->title, "/node/$row->nid"),
     
check_plain($types[$row->type]),
      (
$row->status ? t('published') : t('not published')),
      );
  }
  return
theme('table', $table);
?>