Assigning Permissions to a Role
with Amber Matz In this tutorial, we'll walk through how
to assign permissions to a role. By the end of this tutorial, you'll
understand how to change the permissions for the Vendor role
so that those users can create, edit and delete Recipe
and Vendor content, format the content, and contact
each other. To follow along, you should
understand the concept of users, roles, and permissions and have completed the tutorial,
"Creating a Role" where we created the "Vendor" role. See the written version of this tutorial
for links to these prerequisite tutorials. In the Manage Administrative menu,
navigate to People, then Roles which is the admin/people/roles
path. The Roles page appears. Next to Vendor and under
the Operations column, drop down this menu
and select Edit permissions. The Edit role page appears and this is where you can see all of
the available actions for the website such as Post comments or
Administer blocks. The available permissions depend on
the modules that are installed in the site. Note—some permissions may have
security implications. Be cautious when assigning
permissions to roles. The Permission page is organized
by module. Let's assign the following
permissions to the Vendor role. Under Contact, check Use users'
personal contact forms. Under Filter, check Use the restricted
HTML text format. Under Node, check Recipe Create
new content. Also, click Recipe Edit own content and Recipe Delete own content. By selecting Edit own content and
Delete own content and not Edit or Delete any content, we allow the user to manage the
content they created themselves without allowing them to edit or
delete anyone else's. Finally, under Node, check
Vendor Edit own content. Now, under Quick edit, check
Access in-place editing. Now at the bottom of this page,
click Save permissions. You will get a message saying that
your changes have been saved. You can test these permissions by
logging in as one of the new users you created in a previous tutorial. Verify whether you have the correct
permissions by testing each of the actions that
you granted permissions for, like Creating a new Recipe. And using the restricted HTML text
format. It looks like our Vendors also have
access to the basic HTML format. Let's go ahead and fix that by logging
back in as admin. We'll navigate back to People, Roles,
and let's edit the permissions for the Vendor
role once again. We can see under Filter, that Basic
HTML text format isn't checked for this role,
but they still have access to it. This is probably because our user is also part of the
Authenticated user role. Let's go back to People using the
breadcrumbs and then over to Permissions, where
we can see each of the roles. Let's navigate down to Filter and we can see that our
Authenticated user also has access to the Basic
HTML format. Let's uncheck this. And Save. Now if we go back to the site and
log out and log in as our new user with the
Vendor role, and we test out this permission again we can see that there's no more
Select option for text format and they only have access to the
restricted HTML format. Testing permissions for each role
is an important part of the site building process and can
help ensure that your site remains secure. In this tutorial, we walked through the
steps of how to change the permissions for the Vendor role so
that users can create, edit, and delete Recipe and
Vendor content, format the content, and
contact each other.