- Users who are not logged in, or anonymous users
- Users who are logged in, or authenticated users
- The administrative user account that was automatically created when you installed your site, or User 1. See Section 7.2, “Concept: The User 1 Account”.
The ability to do actions on your site (including viewing content, editing content, and changing configuration) is governed by permissions. Each permission has a name (such as View published content) and covers one action or a small subset of actions. A user must be granted a permission in order to do the corresponding action on the site; permissions are defined by the modules that provide the actions.
Rather than assigning individual permissions directly to each user, permissions are grouped into roles. You can define one or more roles on your site, and then grant permissions to each role. The permissions granted to authenticated and anonymous users are contained in the Authenticated user and Anonymous user roles, and depending on the installation profile you used when you installed your site, there may also be an Administrator role that is automatically assigned all permissions on your site.
Each user account on your site is automatically given the Authenticated user role, and may optionally be assigned one or more additional roles. When you assign a role to a user account, the user will have all the permissions of the role when logged in.
It is a good practice to make several roles on your site. In the farmers market site example, you might want the following roles:
- A Vendor role that allows vendors to edit their own vendor listing page
- A Content editor role for editing the general farmers market pages
- A User manager role for managing the vendor accounts
- The Administrator role that was installed with your site, for expert users to manage the site configuration