Assigning permissions and users to roles

Last updated on
17 August 2016

This documentation is deprecated. Recommend a change or new documentation.

Access to almost all Drupal modules can be controlled by either enabling or disabling permissions for a given role. As a security precaution, the anonymous and authenticated users are configured with very minimal permissions during a site install. You'll have to consider which permissions to enable.

Go to the permissions administration page (administer >> access control >> permissions) tab to begin enabling or disabling permissions. Consider the following descriptions of permissions:

  • Administer -- Administer permissions, such as administer content and administer users, are usually reserved for the most trusted site users. These administration privileges grant users extensive control of the specific module(s) described by the permission title. For example, when administer permissions are granted on modules associated with specific node types, the user will be able to edit and delete all content for that node type on the entire site. Reminder: you'll have to assign access administration pages rights to any role which also needs to configure site options in the administration menu.
  • Access -- Permissions which grant access allow users read-only rights or general use of specific site modules, without any significant configuration privileges. Typically, these roles do not permit the creation of content. Most access permissions are safe to assign to any user role, although giving access administration should generally be reserved for the most trusted users.
  • Create -- Allows users to create, but not necessarily edit later, the specified type of content. Generally applies to node types.
  • Maintain -- These permissions generally enable a user to create content, as well as allowing the author of the submitted content to edit their own content. If you want to allow new site members to keep a weblog or work on the collaborative book, you'll need to enable maintain permissions for the authenticated user.