Chapter 4
User Management
We previously mentioned that, rather than use the term CMS, many in the community prefer to call Drupal a CMF, or content management framework. Others prefer just to change the C from content to community or collaboration, and use the phrase community management system. This is to emphasize Drupal's superior user-management features that are especially suited to collaborative content authorship.

Using the Drupal Web interfaces, you can create users, identify user types or roles, and fine-tune permissions based on these roles. You can also empower users to register themselves on your site (with optional approval) and manage their own profiles, usernames, and passwords. To bolster the core user management, user management has been designed to be extensible. Many other modules have taken advantage of this and are available to expand core user management to address more specific needs (see figure 9).

[Figure 9: Drupal screen for managing users.]

At a basic level, the Drupal user-management system controls which users can see what content in your site. Perhaps more important, it mitigates the layers of permissions for contributors to the site, refereeing who can submit and edit what content and what happens to that content when it is submitted. Drupal does not dictate a specific work flow for Web authoring, but instead, with the right configuration, it can be adapted to fit the publishing work flow that is needed within your organization. This can allow you to distribute work on the Web site throughout a library. The Children's Services department head could be given permissions to create and publish new stories, while other staff in the department may be able to create content but not publish it without additional authorization.

Drupal handles these distinctions by using a role-based system of permissions. Users are assigned roles, and these roles are given specific permissions. Permissions can be assigned only to roles, not to individual users. Given this, it is important to understand that users can be assigned multiple roles and their permissions accumulated depending on which roles they have been assigned. This is different from many other systems, in which a user may be placed only in a single system role or group. Multiple roles can be created to build a scaffolding of permissions.

Using Roles

When you install Drupal, there are already two roles defined:
- Anonymous: users who have not logged in. Drupal treats all Anonymous users the same way; it has to because it doesn't know anything to differentiate them. This means that there is only one level in the Anonymous hierarchy.
- Authenticated: any user who has logged in. Users will be considered Authenticated users even if you assign them additional roles, as this is the top-level role in the Authenticated hierarchy. It is critical to remember that every user who logs in gets any permissions granted to Authenticated users (see figure 10).

[Figure 10: Drupal screen for managing roles.]

During the installation process, you create a superuser account (with an internal ID of 1) that bypasses all security checks. This user does not need any roles or permissions assigned; instead, this person always has permission to do anything. Using this account is sort of like using root in Unix; you want to use it only when necessary, and you may even want to disable it for security reasons. Instead of using this first account, you will probably want to create a role called Administrator and have other users who will be administering the site assigned to this role. You will just need to assign all the permissions to the Administrator role and remember when you install new modules to revisit the Permissions table and give the Administrator role the new permissions that come with the new module.

Additional roles can be set up for different groups of staff in your library depending on your needs. Since our staff is small and our organization is not very complex, we generally add only three roles for our organizational sites: Administrator, Staff, and Librarian. Administrators are the technical people who manage the sites; Staff work at our office and need some permissions on the back-end but don't need to see the complexities of Drupal; and Librarians get some special privileges to add content and see various resources that we provide to them.

Assigning Permissions

In a larger library with a more complex organization, you want to take the time to fine-tune your roles and permissions. For example, you might want to provide a Web form that allows patrons to submit a reference question. You could have a role for staff working at the reference desk. You could then assign permissions so that only users who were given the role Reference Desk could read and respond to the reference questions. If you wanted to have departmental blogs on your site, you wouldn't want all your staff to be able to blog, just your designated bloggers. So you could create another role, Bloggers, and give that role permissions to blog on the site (see figure 11).

[Figure 11: Drupal screen for assigning permissions.]

In this scenario, you are going to have staff who work the reference desk and don't blog, staff who blog but don't work the reference desk, staff who do neither, and staff who do both. Fortunately, users can have multiple roles in Drupal, so one user can have the two roles Reference Desk and Blogger and get all the permissions assigned to those two roles, as well as any permissions granted to Authenticated users.

Managing security when roles overlap is slightly tricky; remember that Drupal only adds permissions to a role and does not block a permission for a role. Practically, this most often comes into play when you are trying to remove a permission from a user or a group of users on the site. For example, you might uncheck the permission Post Comments Without Approval for your Blogger role, but if the Reference Desk role still has that permission, then any users with both roles will still be able to post comments without approval.
More concretely, permissions are set in the Web UI. The Permissions page is organized as a long table of roles and permissions, divided up by which module is setting those permissions. This is not the easiest form to use, so don't despair; it may look overwhelming at first, but it will eventually make sense to you. Start by just reading through the permissions that are available and pragmatically decide who needs which permissions.
As a final note, any time you set up a site, you will
want to create a test user with each role and test your
site as these other users. Sites are often built as an
Administrator user or even as User 1. This can give you
a false sense that everything is working on your site. You
also need to test each user and make sure that they are
not getting permissions that were not intended.
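
The overlap pitfall and the per-role testing advice above can be checked mechanically. The following is an added example, not part of the original chapter and not Drupal's own code: a small Python model of additive role permissions that reports which roles still grant a permission after it is unchecked for one role. The users, role assignments, and the permissions "create blog entries" and "view reference questions" are constructed sample data.

```python
# Simplified model of the additive role/permission scheme described above.
# All users, role assignments and the matrix below are constructed sample data.
AUTHENTICATED = "authenticated user"
ANONYMOUS = "anonymous user"

ROLE_PERMS = {
    ANONYMOUS: {"access comments"},
    AUTHENTICATED: {"access comments", "post comments"},
    "Blogger": {"create blog entries", "post comments without approval"},
    "Reference Desk": {"view reference questions", "post comments without approval"},
}

USERS = {  # uid -> (name, roles assigned by an administrator)
    1: ("admin", set()),
    2: ("alice", {"Blogger"}),
    3: ("bob", {"Blogger", "Reference Desk"}),
    4: ("carol", set()),
}

def effective_roles(uid, users=USERS):
    """Every logged-in user implicitly holds the Authenticated role."""
    return users[uid][1] | {AUTHENTICATED}

def has_permission(uid, perm, role_perms=ROLE_PERMS, users=USERS):
    """Granted if uid is 1 (bypasses all checks) or ANY held role lists perm."""
    if uid == 1:
        return True
    return any(perm in role_perms.get(r, set()) for r in effective_roles(uid, users))

def revoke(role, perm, role_perms=ROLE_PERMS):
    """Return a copy of the matrix with perm unchecked for a single role."""
    updated = {r: set(p) for r, p in role_perms.items()}
    updated[role].discard(perm)
    return updated

def residual_grants(perm, role_perms, users=USERS):
    """Map user name -> roles still granting perm; run this after every revoke."""
    report = {}
    for uid, (name, _) in users.items():
        if uid == 1:
            report[name] = ["uid 1 bypass"]
            continue
        via = sorted(r for r in effective_roles(uid, users) if perm in role_perms.get(r, set()))
        if via:
            report[name] = via
    return report

if __name__ == "__main__":
    after = revoke("Blogger", "post comments without approval")
    print(residual_grants("post comments without approval", after))
```

There is no deny rule in this model, matching the text: the only way to take a permission away from a user is to remove it from every role that user holds.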