Assigning Drupal User Permissions - dummies

Assigning Drupal User Permissions

By Lynn Beighley, Seamus Bellamy

The Permissions form in Drupal controls the permissions granted to user types. For example, by default logged-in registered Drupal users can add comments to your postings, but unregistered users can’t. This setting, and many other settings, is controlled by the Permissions form.

The form can be found by clicking the People link located in the Dashboard menu bar. Once the People overlay opens, click the Permissions tab found in the upper-right part of your screen.


Drupal calls users who are logged in to the site authenticated. Anonymous users to refer to users who are not logged in.

Along the top of the table on this page, are the table headings Anonymous User, Authenticated User, and Administrator. Anything you select under Anonymous User will only apply to anyone who visits the site without signing in. Anything selected under Authenticated User will only apply to users who sign in.

What about Administrator? If you answered anything selected under this category of user will be applied to administrative accounts, treat yourself to a cookie for getting the correct answer.

There are lots of options here, but for now only a few of them will be discussed.

It seems odd, but if you select an option in the Anonymous User column but not in the Authenticated User column, only the people who haven’t logged in will have that privilege. Generally, if an anonymous user can do something, an authenticated user should be able to do it as well. Make sure both check boxes are selected when the Anonymous User check box is selected.

You should know about these permission settings right now:

  • Comment: This section controls whether users can view, create, or administer comments.

    • Administer Comments and Comments Settings: If this is selected, users can edit or delete comments.

    • View Comments: Controls whether users can see comments.

    • Post Comments: If this is selected, users can post comments, but they have to be approved by you first.

    • Skip Comment Approval: If you want users to have the ability to post comments to your site without prior approval, select this. In general, it’s a good idea to not allow anonymous users to comment on your site. If you decide to allow it, make sure this setting is selected for you to view what they’ve written first. Spammers frequently take advantage of comments to advertise their wares.

    • Edit Own Comments: Have you ever been in a situation where you say something that you wish you could take back? If you answered yes, you’ll want to turn this feature on. It allows site visitors within the user group to change or delete posted comments.

  • Node: Nodes contain all the content on a Drupal site. Be cautious about granting permission for most of these.

    • View Published Content: This is probably the one permission you will always grant. This allows visitors to see content on your site. They can’t do anything except view it, so it’s safe to give to anonymous users as well.

    • Article: Create New Content: This permission allows users to add their own articles to the site. You probably won’t do this.

    • Article: Edit Any Content: Granting this allows users to edit articles posted to the site. For example, with this selected, a user could change the text posted to the front page of

    • Article: Edit Own Content: If you allow users to enter articles, you may want to enable this to allow them to edit only articles they have created.

    • Blog: Create New Content: This permission allows users to create blog entries. This option is only available if the Blog module is enabled.

    • Blog: Edit Any Content: Granting this permission allows users to edit any blog entries posted to the site. This option is only available if the Blog module is enabled.

    • Blog: Edit Own Content: If you allow users to enter blog entries to your site, you may want to enable this to allow them to edit only the entries they have created. This option is only available if the Blog module is enabled.

  • User: This controls the administration of users.

    • Administer Permission: If selected, users can edit the current page. It is never a good idea to give users that much authority.

    • Administer Users: If selected you will allow your users to add, delete and edit other users. This is probably not something you’ll want to do.

    • View User Profiles: Allows a user to view other users’ profiles.

    • Change Own Username: If you select this, users will be able to change their usernames by using the Edit tab of the My Account page. It makes no sense to select this for an anonymous user, but you may want to allow authenticated users to change their usernames.

You can see many more permissions available here, but until you have an understanding of these modules and features (for example, blocks and filters), you shouldn’t modify the permissions for them. You can always come back to this page and tweak permissions later. In general, it’s best to start with as few permissions as possible and add more only as needed.