Contrary to common belief, Drupal’s Authenticated user role does not inherit permissions given to the Anonymous user role.
However, it is important to note that all other roles do inherit permissions given to the Authenticated user role. So if you gave a permission to the Authenticated user role, it is redundant to give that permission to any other role. And it fact, in order to keep the already-overwhelming permissions page easy to use, it is usually better not to re-grant permissions to the additional user roles.
Alice is an anonymous website visitor. Beatrice is logged-in authenticated user (with no additional roles). And Christina is a logged-in moderator with the moderator role (which, in this example has been created by the site administrator).
You want both all user’s to be able to comment on articles, but only Alice needs to complete a CAPTCHA, and only Christina can moderate (edit and delete) comments.
You need to give the
post comments and
post comments without approval permissions to both Anonymous user and Authenticated user roles. If you only give those permissions to the Anonymous user, then Beatrice and Christina will need to log out of the website before they can post comments. And their comments won’t be linked to their user accounts.
You also need to give the
post with no checking permission (or equivalent for the CAPTCHA module you use) to the Authenticated user role. You don’t need to give the
post with no checking permission to the moderator role, since it is inherited from the Authenticated user role.
You do need to give the
administer comments permission to the moderator role though. You’ll also probably want to give the
access comments permission to both the Authenticated user and Anonymous user roles.