Drupal roles are layerable

A common issue I see on Drupal websites is that users have too many permissions.

They are often given a role like an Administrator that gives them too many options - sometimes introducing a security risk or the possibility of taking a website down accidentally.

A thing about Drupal roles is that they are layerable.

A user can have multiple roles and get the combined permissions from each role.

So why not have a number of small specific roles and assign them to users as needed, rather than a small number of larger roles that give too much?

Was this interesting?

Subscribe to my daily newsletter for software professionals on software development and delivery, Drupal, DevOps, community, and open-source.

About me

Picture of Oliver

I'm a certified Drupal Triple Expert and former Drupal Association staff member with 18 years of experience, a Drupal core contributor, public speaker, live streamer, and host of the Beyond Blocks podcast.