User permissions
Note: Only the Super Administrator has permission to make these changes.
Permissions are used to determine what aspects of your site your various users are allowed to access.
Each user can be assigned one more more roles. Each role has a set of permissions assigned, so when you add a new user you can give them the appropriate role(s) without having to individually assign each permission.
All Drupal sites have the following roles by default:
- Anonymous: a user who has not logged in. Generally an anonymous user has very few permissions.
- Authenticated: a user who has signed up and been authorized. This could be a visitor who is logged in or a site editor.
By default, only the Super administrator has authority to create new roles or change the permissions assigned to each role. He/she can list and edit all of the configured security roles via
Administer > User management > Roles
Click 'Edit permissions' to fine tune the permissions of each role.
An overview of permissions assigned for all roles can be viewed and edited at
Administer > User management > Access control
The list of permissions looks very long because it is grouped by Drupal module. But if you pay close attention to the action described for each item, you can decide which permissions are appropriate for each of the roles. If in doubt, contact us.
Comment permission
One group of permissions which the super administrator commonly edits is the 'Comment' permissions:
Under the Comment modules heading, check ‘access comments' and 'post comments' as appropriate for your roles.
Note: The permission 'post comments without approval' should only be checked if you fully trust all of the users assigned to a specific role. For example, it is wise to leave this permission unchecked for posts by anonymous users, to ensure they are moderated by someone who has the 'administer comments' permission, before the posts appear on your site.
Other Common Roles:
General site administrators are typically limited to editing content and user details, as opposed to roles. Some of the administration features they may use are:
List users at Administer > Users.
Create new users at Administer > Users > Add user.
Configure user registration, user email, and user picture settings at Administer > User Settings.
Users can edit some personal settings, such as their password, through their individual 'My account' page.
Warning!
There are two things you MUST NOT DO:
- Do not give any role the control 'administer access control' (in the user module), as this will allow any user in this role to edit their permissions, thereby giving them entire control of your site.
- Do not enable any permissions that includes the word "PHP", as this allows the user to do anything to your site. Eg with even a basic grasp of the programming language PHP, the user could delete all of the information that is stored in your database.
Configuring your Site
A number of configuration requirements are discussed in the search engine optimisation section. Another action you may wish to perform is to change the site's date and time settings:
Administer > Site Configuration > Dates and time
Note: It is best to check a few areas of your site afterwards to ensure that these changes do not cause formatting problems.
