A user is anyone who visits your website, including you, whether or not they have an account on the site. Drupal manages what different users can view and do on your site through an access control system that uses roles and permissions. Permissions are very granular and determine specific access, like "administer users", while roles bundle sets of permissions together to make them easier to assign to different users. Drupal core comes with 3 default roles: anonymous, authenticated, and administrator. You can add to this list and customize the permissions for all of them.
As a module developer, you can programmatically get information about users. You can also add your own custom permissions to the site to allow or restrict access to features or tasks.
Example tasks
- Create a new user
- Allow a user to create content
- Define a role with a limited set of permissions
Confidence
This is a stable core feature without significant changes since 8.0.
Drupalize.Me resources
We are still filling out our Drupal 8 library and this page will be updated with new tutorials as they are created.
Spotlight: Drupal Access Control (Drupal 7)
- Explains users, roles, and permissions, and how they work together.
Working with People - Roles and Permissions (Drupal 7)
- Create a new role, add permissions to it, and then assign the role to a user.
Get Information about the Current User (Drupal 8)
- Shows how to use the 'current_user' service to load an object that contains information about the current user.
Define Permissions for a Module (Drupal 8)
- How to create permissions for your custom modules.
External resources
- User Guide, Chapter 7: Managing user accounts (drupal.org)
- Official community documentation that explains user concepts and tasks.
- User Management (leveluptutorials.com)
- Video that shows how to create a new user and explains the standard user settings.
- Roles and Permissions (leveluptutorials.com)
- Video that walks through creating a new role and assigning permissions.
- User accounts, permissions, and roles API (api.drupal.org)
- This is the official API documentation for developers who need to work with user accounts, access checking, roles, and permissions.