Using roles and permissions

Submitted by Marc on Mon, 09/06/2010 - 2:44pm

When you first create your Drupal site, you are asked to supply a user name and password. This first user (User ID 1) is the "root" user. This user has complete control over the site. So, you will want to give this first user a special name like admin, webmaster, or some other such signifier. Don't worry if you have already created this user with another name; you can update this user's name at any point. Just sign in and use the "My account" link from the Navigation menu or go to the path user/1. In general, you don't want to create any content under this profile. You also don't want to do your testing under this profile, since it bypasses all the permissions checking. But, you may have a need on your site to have a user who does have essentially the same access as the root user.

You can do this through the roles and permissions functionality in Drupal. To create a new role, navigate to admin/user/roles. You will notice the two default roles already supplied by Drupal: anonymous user and authenticated user. Name your new role something like "admin", "uber user", or "root user." Then navigate to admin/user/permissions. Enter a check into every checkbox under the role you just added. Keep in mind that as you add new functionality to your site, it will be necessary to update the permissions for this role. Since you will have already selected "administer permissions" under the user module group, it will be possible for an individual with this role to make the changes. There is a contributed module that assists you in maintaining the "admin role".

It is possible to add an unlimited number of roles to your Drupal site, and each role can have any combination of the checkboxes checked. Just be careful not to leave any loopholes that would enable one or more users to collaborate to circumvent your intended access restrictions.

Each module in your Drupal installation defines its own set of permissions. So, as you add/enable modules, make sure to visit the permissions page to see if you need to make any changes.
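
To check for the drift and loopholes described above, the following added example (not part of the original post) audits rows exported from Drupal 6's role and permission tables. It relies on Drupal 6 storing each role's permissions as one comma-separated string in the perm column; the sample rows, the SENSITIVE list and the function names are constructed for illustration.

```python
# Added example: audit Drupal 6 role permissions from exported table rows.
# Drupal 6 keeps each role's permissions as one ", "-separated string in
# {permission}.perm. All rows below are constructed samples.

# Permissions this example treats as administrator-grade (an assumption;
# extend the set for the modules your site enables).
SENSITIVE = {
    "administer permissions",
    "administer users",
    "administer filters",
    "use PHP for block visibility",
}

def parse_perms(perm_column):
    """Split a {permission}.perm value into a set of permission names."""
    return {p.strip() for p in perm_column.split(",") if p.strip()}

def audit(roles, perm_rows, defined, admin_role):
    """Return (missing, risky).

    missing: permissions defined by enabled modules that the admin role lacks.
    risky:   {role name: sensitive permissions} for every other role.
    """
    by_role = {roles[rid]: parse_perms(perm) for rid, perm in perm_rows}
    missing = sorted(defined - by_role.get(admin_role, set()))
    risky = {
        name: sorted(perms & SENSITIVE)
        for name, perms in by_role.items()
        if name != admin_role and perms & SENSITIVE
    }
    return missing, risky

# Constructed sample data: rid -> name from {role}, (rid, perm) from {permission}.
ROLES = {1: "anonymous user", 2: "authenticated user", 3: "admin", 4: "editor"}
PERM_ROWS = [
    (1, "access content"),
    (2, "access content, access comments, post comments"),
    (3, "access content, access comments, post comments, administer nodes, "
        "administer permissions, administer users, administer filters"),
    (4, "access content, administer nodes, administer filters"),
]
# Permissions the enabled modules define (what the permissions page lists);
# the extra entry stands in for one added after the admin role was set up.
DEFINED = parse_perms(PERM_ROWS[2][1]) | {"use PHP for block visibility"}

if __name__ == "__main__":
    missing, risky = audit(ROLES, PERM_ROWS, DEFINED, "admin")
    print("admin role is missing:", missing)
    for name, perms in risky.items():
        print(f"{name!r} holds sensitive permissions:", perms)
```
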

As you work more with Drupal you will find many ways to take advantage of roles and permissions. So, have a look at them now and start thinking about how you can put them to use. CCK even provides a way for you to control permissions at the field level via the Content Permissions module. There is also a field permissions contributed module.

Full disclosure: As a matter of convenience, I have decided to name the root user on this site "Marc" and create my posts under that user. I made this decision based on the fact that I don't intend to allow anybody else to register on the site, and therefore have no real need to have more than just the root user.