Users, Roles, and Permissions

  
Last updated April 2, 2018
Site BuildingModule DevelopmentDrupal 8Drupal 7

A user is anyone who visits your website, including you, whether or not they have an account on the site. Drupal manages what different users can view and do on your site through an access control system that uses roles and permissions. Permissions are very granular and determine specific access, like "administer users", while roles bundle sets of permissions together to make them easier to assign to different users. Drupal core comes with 3 default roles: anonymous, authenticated, and administrator. You can add to this list and customize the permissions for all of them.

As a module developer, you can programmatically get information about users. You can also add your own custom permissions to the site to allow or restrict access to features or tasks.

Example tasks

  • Create a new user
  • Allow a user to create content
  • Define a role with a limited set of permissions

Confidence

This is a stable core feature without significant changes since 8.0.

Drupalize.Me resources

We are still filling out our Drupal 8 library and this page will be updated with new tutorials as they are created.

Drupal 7

VideoHDCC

Spotlight: Drupal Access Control

14m8s  //  Site Building, Site Administration, Drupal 7
VideoHDCC

Hands-On: Creating Roles and Users

8m11s  //  Site Building, Drupal 7
VideoHDCC

Hands-On: Configuring Permissions

14m12s  //  Site Building, Drupal 7
VideoHDCC

Working with People - Roles and Permissions

7m21s  //  Site Building, Drupal 7
Tutorial

Get Information about the Current User

Module Development, Drupal 8, Drupal 9
More information

Want to know if the person that's viewing your custom block is authenticated? Need to change the elements visible on the page based on a user's permissions or roles? Want to display a welcome message for users returning to your site?

All of these things require knowing who the user is that's currently accessing a page. This can be accomplished by using the current_user service to load an object that contains information about the current user as well as methods for checking permissions, and retrieving additional information.

In this tutorial we'll:

Tutorial

Define Permissions for a Module

Module Development, Drupal 9, Drupal 8
More information

If you've ever built or administered a Drupal site, the permissions page (/admin/people/permissions) is probably quite familiar.

If you're new to module development, you may wonder where these permissions come from, and how you can specify your own permissions. In this tutorial we'll answer those questions.

Drupal 8

The following tutorials are from the Drupal 8 User Guide, official community documentation that explains user concepts and tasks.

Tutorial

4.5. Configuring User Account Settings

Free
Site Building, Site Administration, Drupal 8, Drupal 9
More information

How to change user account registration settings.

Collection

Chapter 7. Managing User Accounts

Site Building, Site Administration, Drupal 9, Drupal 8
7 tutorials
Loading ...

More Guides

We have guides on many Drupal skills and topics.

Explore guides

External resources

  • User Management (leveluptutorials.com)
    • Video that shows how to create a new user and explains the standard user settings.
  • Roles and Permissions (leveluptutorials.com)
    • Video that walks through creating a new role and assigning permissions.
  • User accounts, permissions, and roles API (api.drupal.org)
    • This is the official API documentation for developers who need to work with user accounts, access checking, roles, and permissions.