2. Drupal relies very heavily on the user system to manage permissions. Default user roles available Anonymous Authenticated Creation of customized access rules allows you to share the burden of running a site without giving everyone access to everything. Every user has his page at users/<username> intro
3. User management to control how new users register. Control permissions and roles for each user. Learing access control. Who’s using my site??
4. Access rules - from this section you can define different access rules for your Drupal; you can disallow users, emails and IP addresses Permissions - from here you can which modules will be available for anonymous and/or authenticated users Roles - you can add roles such as administrator, moderator, etc User settings - from this section you can configure the user registration settings, the emails notifying a user for new registration, password recovery, etc Users - shows a list of your current users; you can also add new users or block existing ones Administer>>user mgmt
5. Allows you to customise user registration guidelines including the mails sent by your site to the user mail id. This address must have a domain name of <>@mysite.com to avoid being classified as spam. Install a captcha module like mollom to beat spam registrations. [required] User mgmt>>user settings
6. Here you see a list of all users on your site. You can block them, delete them. As user1 [God Mode] you can even change the password for any user. So you never, ever give out user1’s pass to anybody. User mgmt>>users
7. The profiles area allows you to add fields for user registration. Create category [personal details, contact information, extra info] to segregate content. You can manage visibility of fields here. Eg: make email field a hidden profile field.br />User enters details while registering or in his user area. User mgmt>>profiles
8. You need site maintainers, content editors, site moderators etc etc. But you shouldn't give admin access to the site just like that to everybody. Create roles that limit the access privilieges to each person so they can do exactly what they need to and no more. Roles
9. Type a new role [site admin] and click add role. Now click edit permissions. Give permissions as you see fit here for the user role. User mgmt>>roles
10. When no user is logged in, the user is called anonymous. If a user has no permission for a module, the user cannot have access to the module’s content. As – in, anonymous has [by default] only the access content privilege checked. Anonymous users cannot see views, use taxonomy, create content, see forums… unless specified here. Understanding permissions
11. When a user is logged in, they get the authenticated role by default. This role should have permissions to access content from required module [not set by default, everytime a module is installed, permissions have to be given to it] Users can be given custom roles also. They will get the sum result of all permissions on roles assigned to them.
12. Do not give *administer nodes* privilege to anyone lightly. Do not give *php input* privilege lightly. Give as much as the user role requires. Things to take care of
13. Go to user mgmt>>users Check box all users you want to give a role to In update options, choose and grant the required role. Giving roles to users
14. For example, what happens if there is a company that repeatedly spams your forums with advertisements and marketing information? Or, what happens if only people from a certain company should have access to your site? Access rules
16. Advanced user profiles – use cck to create a custom user profile type. Allows you to modify the user landing home page also. Front_page - allows you to give a custom front page depending on the user’s role. More user modules