Users have roles that define what kinds of actions they can take. Roles define classes of users such as anonymous user, authenticated user, moderator, administrator and so on. Every user can have one role.
Roles make it easier for you to manage security. Instead of defining what every single user can do, you can simply set a couple of different permissions for different user roles.
Drupal comes with three built-in roles:
For basic Drupal sites you can get by with anonymous user and authenticated user, but for more complex sites where you want other users to be able to perform maintenance or administrative duties, you may want to create your own roles to classify your users into different groups.
Each Drupal permission describes a fine-grained logical operation such as "access administration pages" or "add and modify user accounts". You could say a permission represents access granted to a user to perform a set of operations.
Roles tie users to permissions. The combination of roles and permissions represents a way to tie user authorization to the performance of actions, which is how Drupal can determine what users can do.
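The model described above, as an added example that is not Drupal's own code: each user has one role, a permission check is a lookup through that role, and anything not granted is denied. The `role_permission` and `users` tables, the function names and the sample rows are assumptions for illustration; only the `role` table with `rid` and `name` appears in the module code on this page.

```php
<?php
// Added example: default-deny permission check over a one-role-per-user model.
// Table and column names other than role(rid, name) are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE role (rid INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL)");
$db->exec("CREATE TABLE role_permission (rid INTEGER NOT NULL, perm TEXT NOT NULL, PRIMARY KEY (rid, perm))");
$db->exec("CREATE TABLE users (uid INTEGER PRIMARY KEY, name TEXT NOT NULL, rid INTEGER NOT NULL)");

// Constructed sample data.
$db->exec("INSERT INTO role (rid, name) VALUES (1, 'anonymous user'), (2, 'authenticated user'), (3, 'moderator')");
$db->exec("INSERT INTO role_permission (rid, perm) VALUES
  (1, 'access content'), (2, 'access content'), (2, 'post comments'),
  (3, 'access content'), (3, 'access administration pages')");
$db->exec("INSERT INTO users (uid, name, rid) VALUES (10, 'alice', 3), (11, 'bob', 2)");

// True only if the user's single role holds the permission; anything else is denied.
function user_has_permission(PDO $db, int $uid, string $perm): bool {
  $stmt = $db->prepare(
    "SELECT 1 FROM users u JOIN role_permission p ON p.rid = u.rid
     WHERE u.uid = :uid AND p.perm = :perm");
  $stmt->execute([':uid' => $uid, ':perm' => $perm]);
  return $stmt->fetchColumn() !== false;
}

// Audit helper: list every role that holds any of the given sensitive permissions.
function roles_with_permissions(PDO $db, array $perms): array {
  $marks = implode(',', array_fill(0, count($perms), '?'));
  $stmt = $db->prepare(
    "SELECT r.name, p.perm FROM role r JOIN role_permission p ON p.rid = r.rid
     WHERE p.perm IN ($marks) ORDER BY r.name, p.perm");
  $stmt->execute(array_values($perms));
  return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

var_dump(user_has_permission($db, 10, 'access administration pages')); // alice, moderator
var_dump(user_has_permission($db, 11, 'access administration pages')); // bob, authenticated user
var_dump(user_has_permission($db, 99, 'access content'));              // unknown uid
print_r(roles_with_permissions($db, ['access administration pages', 'add and modify user accounts']));
```

Running the audit helper after every permission change shows at a glance whether a low-privilege role such as anonymous user has picked up an administrative permission.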
roles and permissions"; } return $links ? $links : array(); }

```php
function access_get_role($rid) {
  // Look up a single role by its ID.
  return db_fetch_array(db_query("SELECT * FROM role WHERE rid = '". check_input($rid) ."'"));
}

function access_get_roles() {
  // Return all role names, keyed by name.
  $roles = array();
  $result = db_query("SELECT * FROM role ORDER BY name");
  while ($role = db_fetch_object($result)) {
    $roles[$role->name] = $role->name;
  }
  return $roles;
}

function access_role_form($edit = array()) {
  global $REQUEST_URI;

  $form = form_textfield("Role name", "name", $edit['name'], 50, 64, "The name for this role. Example: 'moderator', 'editorial board', 'site architect'.");
  $form .= form_submit("Submit");

  // Existing roles also get a delete button and carry their ID in a hidden field.
  if ($edit['rid']) {
    $form .= form_submit(t("Delete"));
    $form .= form_hidden("rid", $edit['rid']);
  }

  return form($REQUEST_URI, $form);
}

function access_role_save($edit) {
  if ($edit['rid'] && $edit['name']) {
    // Rename an existing role. The rid comes from a hidden form field, so it
    // is passed through check_input() like every other value in these queries.
    db_query("UPDATE role SET name = '". check_input($edit['name']) ."' WHERE rid = '". check_input($edit['rid']) ."'");
  }
  else if ($edit['rid']) {
    // A role ID without a name deletes the role.
    db_query("DELETE FROM role WHERE rid = '". check_input($edit['rid']) ."'");
  }
  else {
    // No role ID: create a new role.
    db_query("INSERT INTO role (name) VALUES ('". check_input($edit['name']) ."')");
  }
}
```

function access_role_view() { $result = db_query("SELECT * FROM role ORDER BY name"); $output .= "name | operations |
---|---|
". check_output($role->name) ." | rid\">edit role |
". implode(" | ", array_keys($roles)) ." | |
---|---|---|
". check_output($perm) ." | \n"; foreach ($roles as $name => $value) { $output .= "\n"; } $output .= " |