Virtual Roles is a module that allows user roles to be assigned to a user's account dynamically, which can differ depending on the URL being viewed.

Virtual Roles (hereafter referred to as VR) was developed and is supported by the fine folks at Port to Drupal 7 was made possible by the support of and Choice Wireless.

VR provides an API so that other modules can provide "contexts" (tests) to decide whether or not a role should be granted to a user. This allows for complex handling of user permissions within any Drupal system. Administration pages are found as tabs on the User Roles administration page (admin/user/roles/virtual_roles).

Use Case Examples

Possible use cases are as follows:

  • A role that only gets assigned after a user has posted X number of posts or comments, or has hit a post limit for the hour/day/week, etc.
  • A role is assigned if the user is looking at a node for which a special relationship exists with the author.
  • A user is granted "administer nodes" if they are the the author of that node.

I do not mean to imply that VR provides the contexts necessary for these use cases, since they all contain a custom element that cannot be anticipated in a general module release. VR does, however, provide the framework (API) necessary to make them work. I am willing to include contexts for core modules into VR, but VR contexts for other contrib modules should be added to those modules.

Look at the included README.txt for more information about VR and how to write your own contexts using the VR API.


In order to work, VR must execute very early in the page loading mechanism (as in hook_boot() early). In order to not kill your site's performance, VR provides a sanity check, designed as a quick bail-out if it can be easily determined that VR does not need to be applied. The default sanity check will only allow processing of registered users.

Because some contexts and tests can be database-intensive to run, VR provides a flexible caching mechanism which not only stores variables for the specified lifetime, but allows the site admin to choose where the variables should be stored: in the session variable, in the database cache table, or no caching at all. In addition, the site admin can also choose how many variables to store to avoid a bloated database table.

VR also has the ability to remove roles from the user edit page, so that roles will not accidentally be permanently assigned on the user edit page. It is recommended that this feature is used.

Other Modules That Play Nicely With VR

A second module is included with VR which integrates with the Masquerade module. It allows for a user to inherit some or all of their original roles while masquerading as someone else.

If you know of any other modules that provide contexts for VR, then please let me know so that I can list them here.

Project information

  • caution Minimally maintained
    Maintainers monitor issues, but fast responses are not guaranteed.
  • caution Maintenance fixes only
    Considered feature-complete by its maintainers.
  • chart icon18 sites report using this module
  • shieldStable releases for this project are covered by the security advisory policy.
    Look for the shield icon below.