HomeUsing Drupal 6Users

Additional roles

Initially, all registered users take the authenticated user role, (except for the single administrator role).

On larger sites, it isn't possible for one person to do everything. You need additional users who have some of the extra permissions required to adminsiter the site.

For example, if your site receives a lot of postings, you might need several people to moderate the postings, weeding out any offensive or abusive posts. We might call this role moderator. You might grant this role extra permissions:

  • to delete postings
  • to revert content to a previous revision
  • to block users

You don't need to give moderators full admin rights, for example a moderator doesn't need to be able to edit the site menus. Generally it is best to give roles only the permissions they are likely to need.

As another example, if you run a busy news site you might restrict the posting of news stories. You might have a role called journalist which has permission to publish stories. You might go even further and only allow journalists to submit stories as unpublished, and you could have an extra role, editor, which is allowed to publish these stories.

Creating new roles

It is quite easy to create a new role. Go to Navigation | Administer | User management | Roles. In the Add role box type your new role name and push the button.

The new role (moderator for example) appears in the list of roles. Click the edit permissions link to set the permissions you need for that role.

There is also a edit role link. This just lets you rename or delete the role.

Assigning roles

Assigning roles (other than authenticated user) is a manual process. You only assign trusted roles to trusted users, and Drupal requires you to do this on a user by user basis.

Additional roles can be assigned to existing users, or they can be assigned when a user account is created manually. This is described under user management.

As you will see when you do this, all registered users have the authenticated user role, and this cannot be removed (except by removing their account altogether). Any additional role adds to the permissions already inherited from the authenticated user role.

You can assign more than one role to a particular user, and the permissions of the user wil then be the super-set of all permissions of all roles the user has.

More than one administrator

What if you need your site to have more than one administrator? Perhaps your site is manned 24/7 and you always need someone around who can do absolutely everything?

Drupal only permits one administrator account. However, if you create a role which has all permissions enabled, it is virtually the same as an admin account. In fact, if you create a role which has administer permissions and access administration pages enabled, then users with that role will be able to assign themselves any further permissions they require.

Note that such a user has almost total control of the site. They can add or remove users, and add or remove permissions for any role. They cannot affect the permissions of the real administrator account, but they can change any password, including the administrators password, ie they could lock you out of the site.

adminsiter permissions and adminsiter users are not permissions to be granted lightly.