Overview of Common Permissions in Drupal

By admin, 26 September, 2024

In Drupal, the "administer site configuration" permission allows users to access and modify site-wide configuration settings. This permission is typically assigned to users with administrative roles because it grants significant control over the site's configuration.

When defining permissions for a route in Drupal, you use a routing file (*.routing.yml) to specify the required permission for accessing that route.

Here’s an example of how to define a route that requires the "administer site configuration" permission:

yaml
my_module.admin_route:
 path: '/admin/my-custom-page'
 defaults:
   _controller: '\Drupal\my_module\Controller\MyCustomController::adminPage'
   _title: 'My Custom Admin Page'
 requirements:
   _permission: 'administer site configuration'
 options:
   _admin_route: TRUE

Breakdown:


- path: Defines the URL for the route (/admin/my-custom-page).
- defaults: Specifies the controller and method that will handle the request, as well as the title for the page.
- requirements: This specifies that users must have the 'administer site configuration' permission to access this route.
- options[_admin_route]: Set to TRUE to indicate that this is an administrative route, which can affect menu placement and theming.

With this setup, only users with the "administer site configuration" permission can access the route.

Drupal has a wide range of permissions that control access to various features and sections of the site. Permissions are typically defined in the user.permissions.yml file, and they are granted to roles like Administrator, Authenticated User, or Anonymous User.

Here are some common permissions in Drupal:

Content-related permissions:


1. Create [content type] content: Allows users to create new content of a specific content type.
  - Example: Create article content
  
2. Edit [content type] content: Allows users to edit existing content of a specific content type.
  - Example: Edit page content

3. Delete [content type] content: Allows users to delete content of a specific content type.
  - Example: Delete blog content

4. Administer content types: Allows users to manage and configure content types (create, edit, delete).

User-related permissions:


1. Administer users: Allows users to add, delete, and edit user accounts.
  
2. Access user profiles: Allows users to view user profile pages.
  
3. Edit own profile: Allows users to edit their own user profile.

4. Change own username: Allows users to change their own username.

Taxonomy-related permissions:


1. Administer taxonomy: Allows users to create, edit, and delete vocabularies and terms.

2. Edit terms in [vocabulary]: Allows users to edit terms within a specific taxonomy vocabulary.
  - Example: Edit terms in Tags vocabulary

Menu and navigation permissions:


1. Administer menu: Allows users to create, edit, and delete menus and menu links.
  
2. Use the administration toolbar: Allows users to see and access the admin toolbar at the top of the page.

Block-related permissions:


1. Administer blocks: Allows users to create, edit, and manage blocks on the site.
  
2. Place blocks: Allows users to place blocks on specific regions of the site.

System administration permissions:


1. Administer site configuration: Allows users to manage all site-wide configuration settings.

2. Administer views: Allows users to create and modify views.

3. Administer modules: Allows users to install, update, and uninstall modules.

4. Administer themes: Allows users to manage and change the site’s themes.

5. Access site reports: Allows users to access system reports like logs and status updates.

Node-related permissions:


1. View published content: Allows users to view published nodes.
  
2. View unpublished content: Allows users to view unpublished nodes.
  
3. Bypass node access: Allows users to bypass access control restrictions on nodes.

File-related permissions:


1. Administer files: Allows users to manage file uploads and configuration.
  
2. Upload files: Allows users to upload files as part of content creation.

Comments-related permissions:


1. Post comments: Allows users to post comments on content that supports comments.

2. Edit own comments: Allows users to edit their own posted comments.

3. Administer comments: Allows users to manage all comments on the site.

Security and advanced permissions:


1. Bypass page cache: Allows users to view pages without being affected by caching.
  
2. Use PHP for block visibility: Allows users to use PHP to control the visibility of blocks (generally discouraged for security reasons).

3. Administer permissions: Allows users to manage permissions for all roles.

Custom Permissions:


Modules can define their own permissions. For example, a custom module might add permissions like:
- Administer custom module settings
- Access custom reports

Permissions are a fundamental part of Drupal’s access control system. They can be fine-tuned to fit the specific needs of your site, ensuring users have appropriate access based on their role.

Tags

Comments

About text formats

Restricted HTML

  • Allowed HTML tags: <a href hreflang> <em> <strong> <cite> <blockquote cite> <code> <ul type> <ol start type> <li> <dl> <dt> <dd> <h2 id> <h3 id> <h4 id> <h5 id> <h6 id>
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.