
Problem/Motivation
The permission to see a user's profile is labeled "View user information." This is misleading; the label should reflect the permissions being granted, which in this case is "Access Any User Profile."
The phrase "View user information" implies that those words are used to describe user data somewhere, and that is not the case. It was entirely unclear to me what data this permission allowed a user to view until I viewed the user.permissions.yml file.
The related issue says this change was to prevent confusion around contrib profile modules. I think renaming core labels to reduce confusion with contrib modules is a bad precedent. The responsibility should fall on contrib to not introduce confusion, rather than on core to change.
Steps to reproduce
Install Drupal, look at /admin/people/permissions and the label "View user information"
Proposed resolution
Rename the label for this permission to the more accurate "Access Any User Profile" or "View user profiles"
Add a description to this permission clarifying that this gives access only to viewing the Drupal user entity, and that users without this permission will not be able to access the user's profile provided by the core profiles module.
Remaining tasks
Change line 13 on user.permissions.yml to the new label language. https://git.drupalcode.org/project/drupal/-/blob/10.3.x/core/modules/use...
User interface changes
The label for the "access user profiles" permission changes to a less misleading phrase more aligned with the permissions being granted.
API changes
Data model changes
Release notes snippet
Issue fork drupal-3427427
Comments
Comment #2
cilefen commented:
Thanks to git log -S there is a pointer to the original issue, which is #658148: The "access user profiles" permission is poorly named. Have the conditions that led to the current naming changed? It has been fifteen years.
Comment #5
sandeep sanwale at OpenSense Labs for DrupalFit commented:
Changed the label of access user profiles from View user information to access user profiles in user.permissions.yml.
Comment #6
smustgrave at Mobomo commented:
Has test failures.
Comment #7
cilefen commented:
The issue summary must be edited to include why this reversal of a prior decision is appropriate.
Comment #8
jhuebsch commented:
I have updated the Issue summary with a response to the related issue as well as an alternative proposed resolution of including a description for this permission.
Comment #9
jhuebsch commented
Comment #10
sandeep sanwale at OpenSense Labs for DrupalFit commented:
I have added the description for the Access User Profiles permission. Please review this.
Comment #11
smustgrave at Mobomo commented:
Now the solution goes against the issue summary. Proposed solution should match.
Comment #13
binoli lalani at QED42 for Drupal India Association commented:
Hello,
I updated the permission description as per Proposed resolution and fixed unit test case errors. Please review latest commit.
Thank you
Comment #14
smustgrave at Mobomo commented:
Left a comment but if read out loud doesn't sound correct. "With this permission can do this. And without this permission you can't do this" is kinda how I'm reading this. Left a comment
Still appears to have test failures.
Comment #15
demonde commented:
It would be better to call this "Access Any User Profile" instead of "Access User Profiles", so it is clear this does not mean that users can access their own profile.
Comment #17
sakthi_dev at Specbee for Drupal India Association commented:
Updated the title/name of the permission. Also updated the IS.
Comment #19
quietone at PreviousNext commented:
Changes are made on 11.x (our main development branch) first, and are then back ported as needed according to our policies.
Comment #20
niranjan_panem at Material commented:
View user information:
This is a direct and clear statement about accessing data. It implies a reading or looking at the information, not necessarily manipulating it.
Access any user profile:
This phrase is broader. It could refer to viewing the profile, but it could also imply editing, modifying, or taking other actions within the profile.