How to Manage User Permissions for Roles in Drupal 8


This Tutorial will show how to create new User Roles for Drupal 8 and to edit User Permissions on Content-Type nodes for authenticated users.

  • Problem: Articles, Pages, & Content Types are created by administrators, business staff, & site authors, while Blog & Forum posts can be made by any registered user.
  • Solution: Create Drupal 8 Roles for Authors & Employees. Delegate Permissions to Roles for Content Type edit/save/delete values. Customize publication paths for users.

By granting different permissions on Drupal 8 Content Type creation to User Roles, administrators can manage portals & social networks with complex functionality.

Let’s get started.

Step One:
Review User Roles & Site Registration Policy

Drupal 8 installs with three default User Roles: Anonymous users, Authenticated users, & Administrators. Site admins can install modules & themes, as well as configure the site.

Authenticated users can be given different levels of permissions on content creation, editing, and deleting posts. Admins determine whether the email verification is required on sign-up.

Anonymous users can be permitted to use search, contact forms, or comments. The level of anonymous & registered user functionality in D8 depends on the Permissions settings.

How to Manage User Permissions for Roles in Drupal 8

Start: Log into Drupal 8 administration and navigate to /admin/people/roles to review the site settings. Add extra roles if required by site functionality, such as authors or paid subscriptions.

Next: Navigate to /admin/people/permissions and review the Permissions settings.

Hint: Determine what content create, edit, & delete powers will be given to registered users for blogs, articles, forums, etc. Make sure to review the Full HTML vs. Filtered HTML settings.

Finish: Review the site registration settings at /admin/config/people/accounts and decide whether users will need to verify their email address on sign-up (recommended). Review or change the welcome email text sent to registered users on sign-up and save the settings.

Step Two:
Create a Custom Role for Site Authors.

Start: The process to create a new User Role in Drupal 8 is simple. Navigate to /admin/people/roles/add and choose a name for the new role & save the settings.

How to Manage User Permissions for Roles in Drupal 8

Hint: Click on “Edit Permissions” under Operations to view all of the permission settings for the new role individually or load /admin/people/permissions to view all roles together.

Finish: That’s it. There is just one screen to save to create a new User Role in Drupal 8.

Step Three:
Configure Permission Settings by User Role

Start: Following the links above, review Drupal 8 Permissions for enabled modules by User Role for site administrators, editors, authenticated users, & anonymous users.

Hint: Social networks and multi-user blogs will need to build website publishing policies in advance to determine which user roles will be permitted to blog, comment, or post to the forum.

How to Manage User Permissions for Roles in Drupal 8

Hint: The Drupal 8 Permissions page is very extensive and any errors in the checkbox settings by role can inadvertently give untrusted users admin powers on the site, so be careful.

Recommended Permission Settings for Drupal 8:

  • Registered Users: Create new content, Delete own content, Edit own content, Use users’ personal contact forms, Change own username, Cancel own user account, Post/Edit/View comments, etc. + all powers given by default to Anonymous users.
  • Anonymous Users: Use search, Use the site-wide contact form, & View comments.

Finish: After you have reviewed the settings for each module by User Role, save the Permissions settings. Review and adjust after every new Drupal 8 module is installed.

Step Four:
Manage Views by Content Type & User Role

Start: Another way that User Roles can be used in Drupal 8 is as a filter for dynamic content using Views. For example, to highlight articles by site editors over free user blog accounts.

How to Manage User Permissions for Roles in Drupal 8

Hint: Social networks & multi-user blog sites can make effective use of User Roles in Drupal 8 by allowing community members to choose their own role & filtering content by author.

Finish: Create different Views for anonymous & authenticated users in Drupal 8 depending on whether or not the browser is logged into the website for social media/e-commerce promotions.

Step Five:
Test User Paths for Production.

Start: In order to go live with a Drupal 8 website accepting registered users in a social network or ecommerce website, it is recommended to test the user paths in production.

Next: In either a sandbox environment or on the live site before launch, create registered users and test the login process in different browsers/devices for security & ease of navigation.

How to Manage User Permissions for Roles in Drupal 8

Next: Administrators will need to go through all sections of the Drupal 8 website with test users from each role category to make sure that the permissions are correct.

Finish: Update any corrections to Permissions settings detected in user testing & go live.

Conclusion: Roles & Permissions for Drupal Communities

Most important is to review the Permissions settings on any Drupal 8 website with registered user activity after any new module is installed.

Make sure to edit the Permission settings for content creation for registered users in social networks, e-commerce sites, & multi-user blogs.

Check out these top 3 Drupal hosting services:

Was this article helpful?