Advertising sustains the DA. Ads are hidden for members. Join today

On this page

Roles and Permissions

Last updated on
11 October 2025

This page has not yet been reviewed by Drupal maintainer(s) and added to the menu.

This documentation needs review. See "Help improve this page" in the sidebar.

Creating new roles

Creating custom user roles and permissions in Drupal 10 involves several steps. Here's a detailed guide to help you through the process:

Log in as an administrator

Ensure you are logged in to your Drupal site as an administrator or a user with permission to administer user roles and permissions.

Create a custom role

Navigate to the Roles page

Go to the admin toolbar, click on People, then click on Roles.

Add a new role

  • Click on the + Add role button.
  • Enter a name for your new role (for example, Content editor).

Assign permissions to the custom role

Navigate to the Permissions page

In the admin toolbar, go to People, then click on the Permissions tab.

Assign permissions

  • Find your newly created role in the list.
  • Check the boxes next to the permissions you want to grant to this role. Permissions are organized by module and function.
  • After selecting the appropriate permissions, scroll to the bottom of the page and click on Save permissions.

Assign the custom role to users

Navigate to the Users page

Go to the admin toolbar, click on People.

Edit user accounts

  • Find the user you want to assign the role to and click on Edit next to their name
  • Scroll down to the Roles section
  • Check the box next to the custom role you created

Additional Tips

  • Combining Roles: Users can have multiple roles, and their permissions will be cumulative.
  • Testing Roles: It’s a good practice to create a test user account with the new role to verify that the permissions are working as expected.
  • Revisiting Permissions: As your site evolves, you might need to revisit and adjust the permissions.

Advanced Customization

If you need more granular control over permissions, consider using additional modules such as:

  • Content Access: Allows you to control access to content types by role and author.
  • Taxonomy Access Control: Provides access control based on taxonomy terms.
  • Role Delegation: allows site administrators to grant specific roles the authority to assign selected roles to users, without them needing the administer permissions permission.

Creating custom permissions

Creating custom permissions in Drupal 10 involves creating custom modules and defining permissions within those modules. Here’s a step-by-step guide to help you create custom permissions.

Set up your custom module

Create the module directory

  • Navigate to the modules/custom directory in your Drupal installation.
  • Create a new directory for your module, for example, custom_permissions.

Create the module info file

Inside the custom_permissions directory, create a custom_permissions.info.yml file with the following content.

name: 'Custom Permissions'
type: module
description: 'A module to add custom permissions.'
core_version_requirement: ^10
package: Custom
dependencies:
  - drupal:user

Define Custom Permissions

Create the permissions YAML file

In the custom_permissions directory, create a custom_permissions.permissions.yml file with your custom permissions defined.

access custom content:
  title: 'Access custom content'
  description: 'Allow users to access custom content.'

administer custom settings:
  title: 'Administer custom settings'
  description: 'Allow users to administer custom settings.'

The permission machine name must not have the same name as a module (it breaks the permission pages layout). The best practice is to use a phrase starting with a verb, followed by a direct object.

Restricted permissions

If a permission is dangerous and could be used to take over the site, you can add the "restrict access" key to indicate it should only be given to trusted users.

insert javascript:
  title: 'Insert custom JavaScript into pages'
  restrict access: true

This will display a warning for this permission on the permissions form.

You can also provide a custom warning (that will override the default warning):

insert javascript:
  title: 'Insert custom JavaScript into pages'
  restrict access: true
  warning: 'This permissions is dangerous because it allows injecting arbitrary JS'

Implement the permissions in your module

Create the module file

In the custom_permissions directory, create a custom_permissions.module. This file can remain empty for now, but it's necessary for the module to be recognized.

Enable your module

Enable the module

  • Go to the admin toolbar, click on "Extend."
  • Find your module ("Custom Permissions") and enable it.

Assign custom permissions

Navigate to the Permissions page

Go to the admin toolbar, click on People, then click on the Permissions tab.

Assign Permissions

  • Find your custom permissions in the list.
  • Assign these permissions to the appropriate roles by checking the boxes next to the permissions.
  • Click "Save permissions" at the bottom of the page.

Example: Using Custom Permissions in Code

If you want to check for these custom permissions in your code (for example, in a custom page callback or block), you can use code similar to the following one.

use Drupal\Core\Access\AccessResult;
use Drupal\Core\Session\AccountInterface;

/**
 * Custom access callback.
 */
function custom_module_access(AccountInterface $account) {
  return AccessResult::allowedIf($account->hasPermission('access custom content'));
}

Help improve this page

Page status: Needs review

You can: