Permissions definition

For more information about Drupal terms and terminology, see the Drupal term index.

Your Drupal website’s permissions allow you to control what users can do on your website. Many of the different functions and features available on your website have a permission you can either enable or disable.

Permissions control access to administrative tasks (such as access to the administrative menu) and general website usage (such as viewing published content).

To view the list of user permissions for your Drupal website, go to People > Permissions, and then click Permissions.

Drupal includes a set of core access permissions. Enabled Modules can also add permissions to this page.

To assign permissions to user roles, select the checkboxes in the appropriate roles’ columns.

You can change the permissions of a single role by clicking edit permissions on the Roles page. The link leads to a page where only that role displays.


  • Many of the permission settings have serious security implications. Examine each permission and provide sensitive and security-relevant permissions only to users you trust. It’s sensible to make a set of permissions that is as restrictive as possible, yet one that still allows your website to function as you intend.

  • Permissions are cumulative. Users assigned more than one role will have all of the permissions included in any of their roles. For example, all signed-in users have all permissions assigned to the Authenticated user role. Permissions define what users are permitted to do—not what they are forbidden to do.


Drupal’s permissions and roles are not the same as Acquia’s Teams and permissions.