Drupal Starter Kits
Content access control for applications
After a third-party application authenticates (if required) with the Drupal API, it can query the API to create, read, update, and delete (CRUD) content. A consumer is assigned a user to author changes and a role to restrict CRUD operations to the appropriate security level. For more information on authenticating with the Drupal API, see Setting up API Consumers.
In the Roles section, you can create roles for content administrators and third-party applications that interact with CMS. Each consumer can have a custom combination of one or more roles that allow you to abstract roles into distinct functional responsibilities and bestow them on users and consumers in the combination that reflects their access and entitlement levels.
Click Save.
The system displays your new role in the available options on the Roles page.
You can edit permissions of a role to define the level of access for the role.
Roles are stackable. For example, a role does not need the same permissions that an authenticated user already has. Focus on the permissions a user with this specific role needs to complete the tasks.
After creating a role, see Setting up API Consumers for next steps on how to associate a role with a consumer.
The permissions system is extensive and contains many different permissions that are not covered in this documentation. If you configure a role for a third-party application, consider the following questions while updating permissions for a role:
Can the role create consumers?
This is useful for applications that grant access to the API for other applications.
If this content did not answer your questions, try searching or contacting our support team for further assistance.
If this content did not answer your questions, try searching or contacting our support team for further assistance.
Drupal Starter Kits