On this page:
Drupal controls access to its features through the use of roles. A role describes a type of user by defining what they can see and do. A role can be granted a set of permissions. Three roles are already created for you.
- The anonymous role allows any unnamed individual to view your site without logging in. They cannot access administrative features. This is the default role set up by Drupal for anyone visiting your site.
- The role of authenticated user is assigned to anyone who logs into your site through Touchstone. The authenticated user role has some additional limited access rights assigned to it. This role is useful because it targets users with an MIT Kerberos username and password. You might, for example, want to restrict access to a particular web form by granting permission specifically to this role.
- Your role is the Content Manager role. You have a broad range of permissions which allow you to create, edit and manage content, change the appearance, structure and functionality of your Drupal site, and assign access and roles to others.
You can assign the Content Manager role to others thereby extending to them the exact same set of permissions which you have. You should be careful to ensure that only trusted users are given this access and level of control of your site. You can also add additional roles.
If you will be dealing with a lot of content, you will probably want to assign the role of Content Manager to others as well.
- From the Admin menu, click People. Be sure you are on the List tab.
- Click edit to the right of the person’s username.
- In the Roles section, click the box for content manager.
By default, each user who is assigned the content manager role will have the same permissions as you. They will have access to the Administrator Toolbar and all the functionality it provides. You should be careful to ensure that only trusted users are given this access and level of control of your site. It is possible to create a new role and assign it fewer permissions.
- Click the check box to the left of a username. You can select multiple names or select all names by clicking the check box in the column head.
- Make a selection in the Update Options pop-up menu to perform the action on all selected users.
With a very long user list of users, you may need to filter the list to show users with only certain characteristics. Click Show Only Users Where to filter by role, permission or status.
It is possible to create a new role, add permissions to that role and assign that new role to certain users. For example, you could create a role for an editor who would have access to only certain types of pages.
- From the Admin menu, click People, then the Permissions tab, then Roles.
- Enter a name for the role and click Add role.
- Click edit role to change the role name or to delete the role if necessary.
Note the newly created role of news editor. This is the only role which has been created by the administrator. Anonymous user, authenticated user and content manager have been created for you. You may not change their names.
Before granting any permissions to your newly created role, or assigning it to any users, you will need to grant the content manager role permission to do that. When you as a content manager create a new role, you must enable the granting of that role to others. This is done by adding permission to delegate to the content manager role.
Granting the Content Manager Role Delegation Permission
- From the Admin menu, click People, then the Permissions tab.
- Scroll to the Role Delegation section, and grant the content manager permission to assign the news editor role by clicking the box.
- Scroll to the bottom and click Save permissions
This is how permissions are granted. Now that you have given yourself (and your fellow content managers) the ability to assign this new role, you can assign it to users, and give it some permissions.
- From the Admin menu click People then the Permissions tab.
- Click the boxes for permissions you wish to add.
You can add or change the set of permissions for any role. Be careful when assigning permissions to the authenticated user role. Authenticated users include everyone at MIT. It is advisable not to assign additional permissions to the anonymous role. This would be any public person viewing your site.
There is one more significant thing to note which you can see more clearly on the Role page.
The order indicates a hierarchy of permission levels from fewest privileges at the top to most privileges at the bottom. This is significant because any permissions granted to authenticated users will be available to anyone who logs in using Touchstone, even if they have additional roles assigned to them. The news editor role will have all the permissions assigned to the authenticated role and the additional permissions assigned to the news editor role. Anyone assigned the content manager role will have all the permissions assigned to the authenticated role and the news editor role plus the additional content manager permissions.