Drupal Security

In Drupal you can use roles to group a set of users on your site and give them a defined set of permissions or privileges. Your initial account is a super user. It is advisable to create an administrative role called "admin" and grant this role the capabilities to administer and manage everything, similar to an admin.

By default, two roles are created as part of the installation: anonymous user and authenticated user. An anonymous user is any visitor to your site who does not log in. An authenticated user, on the other hand, is any user who logs in to your site. By default, visitors to your site have permission to create an account on your site and inherit the privileges assigned to authenticated users. If you do not want visitors to your site to have such privileges, you can control this from administer » user management » user settings. Selecting the option "Only administrators can create new user accounts" restricts the creation of new user accounts to administrators.

For my site JoeMatthew.com I am going to disallow anyone other than administrators from creating new accounts and inheriting privileges. For my site Gotofamousfootwear.com I am going to allow shoppers to create their own account if they wish to do so.

For this, I will leave it at the default of "Visitors can create accounts and no administrator approval is required".

Below are the privilege settings for my JoeMatthew.com and GotoFamousFootwear.com sites, which you can mirror to follow along with this workbook without any permission issues.

My Access Control settings for JoeMatthew.com

 

Permission admin users anonymous user authenticated user
aggregator module
access news feeds
administer news feeds
block module
administer blocks
use PHP for block visibility
blog module
edit own blog
comment module
access comments
administer comments
post comments
post comments without approval
fckeditor module
allow fckeditor file uploads
use advanced fckeditor
use default fckeditor
filter module
administer filters
image module
create images
edit images
edit own images
view original images
administer images
image_import module
import images
menu module
administer menu
node module
access content
administer content types
administer nodes
create page content
create story content
edit own page content
edit own story content
edit page content
edit story content
revert revisions
view revisions
nodewords module
administer meta tags
edit meta tags
path module
administer url aliases
create url aliases
poll module
cancel own vote
create polls
inspect all votes
vote on polls
site_map module
access site map
survey module
maintain surveys
submit surveys
system module
access administration pages
administer site configuration
select different theme
taxonomy module
administer taxonomy
trackback module
administer trackbacks
user module
access user profiles
administer access control
administer users
change own username
webform module
access webform results
clear webform results
create webforms
edit own webforms
edit webforms
use PHP for additional processing

My Access Control settings for GoToFamousFootwear.com

 

Permission admin users anonymous user authenticated user
aggregator module
access news feeds
administer news feeds
apparel module
create apparel products
edit own apparel products
block module
administer blocks
use PHP for block visibility
blog module
edit own blog
comment module
access comments
administer comments
post comments
post comments without approval
ec_mail module
administer ec emails
fckeditor module
allow fckeditor file uploads
use advanced fckeditor
use default fckeditor
filter module
administer filters
image module
create images
edit images
edit own images
view original images
image_gallery module
administer images
image_import module
import images
menu module
administer menu
node module
access content
administer content types
administer nodes
create page content
create story content
edit own page content
edit own story content
edit page content
edit story content
revert revisions
view revisions
nodewords module
administer meta tags
edit meta tags
path module
administer url aliases
create url aliases
poll module
cancel own vote
create polls
inspect all votes
vote on polls
product module
administer products
administer search
search content
use advanced search
site_map module
access site map
store module
administer store
subproducts module
administer own subproducts
administer subproducts
administer variations
system module
access administration pages
administer site configuration
select different theme
tangible module
create shippable products
edit own shippable products
taxonomy module
administer taxonomy
trackback module
administer trackbacks
user module
access user profiles
administer access control
administer users
change own username
webform module
access webform results
clear webform results
create webforms
edit own webforms
edit webforms
use PHP for additional processing
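
One way to review a matrix like the ones above is to flag sensitive permissions granted to the two built-in roles and note how the account creation setting widens their reach. This is an added example, not part of the original workbook; it assumes the matrix has been exported as role name to comma-separated permission string, and the function names, risk categories and `SAMPLE` data are constructed for illustration.

```python
# Added example: flag risky grants on Drupal's two built-in roles.
BUILTIN_ROLES = ("anonymous user", "authenticated user")

# Permission names come from the lists on this page; treating them as
# high-risk is this example's assumption, not a rule stated by the page.
CODE_EXECUTION = {"use PHP for block visibility",
                  "use PHP for additional processing"}
FILE_UPLOAD = {"allow fckeditor file uploads"}

def parse_perms(perm_string):
    """Split a comma-separated permission string into a set of names."""
    return {p.strip() for p in perm_string.split(",") if p.strip()}

def classify(perm):
    """Return a risk label for a permission name, or None if unflagged."""
    if perm in CODE_EXECUTION:
        return "code execution"
    if perm in FILE_UPLOAD:
        return "file upload"
    if perm.startswith("administer ") or perm == "access administration pages":
        return "administrative"
    return None

def audit(role_perms, open_registration):
    """Return sorted (role, permission, risk, reachable_by) findings.

    open_registration: True when visitors can create accounts without
    administrator approval, so "authenticated user" grants reach anyone.
    """
    findings = []
    for role in BUILTIN_ROLES:
        open_role = role == "anonymous user" or open_registration
        reach = "any visitor" if open_role else "admin-created accounts"
        for perm in parse_perms(role_perms.get(role, "")):
            risk = classify(perm)
            if risk:
                findings.append((role, perm, risk, reach))
    return sorted(findings)

# Constructed sample matrix (not the settings of either site on this page).
SAMPLE = {
    "anonymous user": "access content, access comments, search content",
    "authenticated user": "access content, post comments, edit own blog, "
                          "allow fckeditor file uploads, administer nodes",
    "admin users": "administer users, use PHP for block visibility",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE, open_registration=True):
        print(" | ".join(finding))
```

Grants on the custom "admin users" role are not reported, since membership in that role is assigned by an administrator rather than inherited.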

Video:

In this video you will see how to:

  • Create a new role
  • Manage the privileges of this role
  • Change the account creation settings for your site
  • Create a new user account and assign it to a role