User Management
One of the truly amazing things about Drupal is how it handles its users. A drupal site can have countless users contributing, editing, commenting and using the site in an infinite number of workflows. We have designed the UAEM site under a very specific workflow and this document will try to explain that.
Roles
Roles are ways to group permission sets for users. Assigning users into roles allows you to have classes of access that lots of people can have.
There are two automatic roles:
- anonymous user: Everyone who's not logged in
- authenticated user: Anyone who has an account with the site has this role
Then there are two roles created solely for this site.
- Content Manager
Content managers have access to do things like create and moderate content. - Site Administrator
Site administrators can change the actual structure of the site. They can change content too but it is not recommended.
Permissions
Permissions are the most fine-grained unit of security on the drupal site. Warning: Be VERY careful about permissions. They are the most finicky part of the drupal install. There are hundreds of combinations which may have dire consequences for the security of the site. Always do thorough testing to make sure your changes haven't:
- Robbed someone of access
- Given too much power to non-technical users and content providers.
- Allowed a security breach for anonymous users
