Authenticated Users Do Not Inherit Anonymous Role Permissions
on
December 8, 2008
Authenticated Users Do Not Inherit Anonymous Role Permissions
Contrary to common belief, Drupal's Authenticated user role does not inherit permissions given to the Anonymous user role.
However, it is important to note that all other roles do inherit permissions given to the Authenticated user role. So if you gave a permission to the Authenticated user role, it is redundant to give that permission to any other role. And it fact, in order to keep the already-overwhelming permissions page easy to use, it is usually better not to re-grant permissions to the additional user roles.
An example;
Alice is an anonymous website visitor. Beatrice is logged-in authenticated user (with no additional roles). And Christina is a logged-in moderator with the moderator role (which, in this example has been created by the site administrator).
You want both all user's to be able to comment on articles, but only Alice needs to complete a CAPTCHA, and only Christina can moderate (edit and delete) comments.
You need to give the
post comments and post comments without approval permissions to both Anonymous user and Authenticated user roles. If you only give those permissions to the Anonymous user, then Beatrice and Christina will need to log out of the website before they can post comments. And their comments won't be linked to their user accounts.
You also need to give the post with no checking permission (or equivalent for the CAPTCHA module you use) to the Authenticated user role. You don't need to give the post with no checking permission to the moderator role, since it is inherited from the Authenticated user role.
You do need to give the administer comments permission to the moderator role though. You'll also probably want to give the access comments permission to both the Authenticated user and Anonymous user roles.
Matt Petrowsky (not verified) December 10, 2008
Bevan, I hope you're ok with me posting this, but it's a link to a video I did about how Drupal's permissions work. I reference the differences between anonymous and authenticated roles.
http://gotdrupal.com/videos/understanding-drupal-permissions
You've done a great job explaining it via text, and if someone wanted to see things in action then I thought I would post.
Gregory Heller December 8, 2008
All custom user roles that you create in your drupal instance WILL inherit permissions from the Authenticated user role.
Authenticated users DO NOT inherit any permissions from the Anonymous user role.
That is it. Pretty straight forward once you understand it.
As Bevan tried to explain, it is redundant to grant permissions to any custom user role that you have already granted to the authenticated user.
Anonymous December 8, 2008
"It is a common misconception that Drupal's Authenticated user role does not inherit permissions given to the Anonymous user role.
However, it is important to note that all other roles do inherit permissions given to the Authenticated user role."
This doesn't sound right... If all other roles DO inherit permissions, then surely the misconception is that auth users DO inherit permissions from anon, not the other way around...?
I'm confused now, whereas I wasn't before :p
Anonymous December 8, 2008
It is a common misconception that Drupal's Authenticated user role does not inherit permissions given to the Anonymous user role.Eh, ... say what?
Anonymous December 8, 2008
I see that the first sentence contradicts the rest of the blog post:
"It is a common misconception that Drupal's Authenticated user role does not inherit permissions given to the Anonymous user role."
The rest of the blog post goes on to explain nicely how it is not a misconception that the Authenticated role does not get permissions inherited from Anonymous.
BTW: A simple way to put this is that logged in users with whatever role are already Authenticated, but they are not Anonymous, so they get Authenticated items but not Anonymous. And before they log in, we don't know who they are, so they can only get the Anonymous permissions.
