After a third-party application authenticates (if required) with the Drupal API, it can query the API to create, read, update, and delete (CRUD) content. A consumer is assigned a user to author changes and a role to restrict CRUD operations to the appropriate security level. For more information on authenticating with the Drupal API, see Setting up API Consumers.
Accessing the Roles page
- To access the Roles page in Headless mode, click API Access > Roles.
- To access the Roles page in Hybrid mode, click Admin > People > Roles.
In the Roles section, you can create roles for content administrators and third-party applications that interact with the CMS. Each consumer can have a custom combination of one or more roles, so you can split roles into distinct functional responsibilities and assign them to users and consumers in the combination that reflects their access and entitlement levels.
Creating a role
- On the Roles page, click Add Role.
- In Role name, enter an appropriate name for the new role.
- Click Save.
The system displays your new role in the available options on the Roles page.
Editing permissions for a role
You can edit the permissions of a role to define its level of access.
- In the list of roles on the Roles page, locate the role that you want to edit.
- Click the (^) arrow next to the role.
- Select Edit permissions from the dropdown.
Note
Roles are stackable. For example, a role does not need the same permissions that an authenticated user already has. Focus on the permissions that a user with this specific role needs to complete their tasks.
After creating a role, see Setting up API Consumers for next steps on how to associate a role with a consumer.
Other permission considerations
The permissions system is extensive and contains many different permissions that are not covered in this documentation. If you configure a role for a third-party application, consider the following questions while updating permissions for a role:
- Can the role create, update, or delete content?
- Can the role create consumers? This is useful for applications that grant access to the API for other applications.
- Should the role be able to interact with the content workflow?
- Should the role be able to access media?
- Should the role be able to access revisions?
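The following Python sketch is an added example, not part of the original documentation. It computes the effective permissions of a consumer from its stacked roles and answers the questions above. The role names, permission strings, and matching patterns are constructed assumptions written in the style of Drupal permission names; substitute the permissions that your site actually exposes.

```python
import re

# Constructed sample data: role -> permission strings in the style of Drupal
# permission names. Real names depend on the modules installed on your site.
ROLES = {
    "authenticated": {"access content", "view media"},
    "mobile_app": {
        "access content",            # redundant: "authenticated" already grants it
        "create article content",
        "edit any article content",
        "view all revisions",
    },
}

# The checklist questions from "Other permission considerations", each mapped
# to an assumed regex over permission names.
CHECKS = {
    "writes content": r"^(create|edit (own|any)|delete (own|any)) .+ content$",
    "creates consumers": r"consumer",
    "uses content workflow": r"transition",
    "accesses media": r"\bmedia\b",
    "accesses revisions": r"\brevisions?\b",
}

def effective_permissions(role_names, roles=ROLES):
    """Roles stack: a consumer's access is the union of all its roles."""
    perms = set()
    for name in role_names:
        perms |= roles[name]
    return perms

def redundant_permissions(role, base="authenticated", roles=ROLES):
    """Permissions on a role that the base role already grants."""
    return roles[role] & roles[base]

def audit(role_names, roles=ROLES):
    """Answer each checklist question with the permissions that triggered it."""
    perms = effective_permissions(role_names, roles)
    return {q: sorted(p for p in perms if re.search(rx, p)) for q, rx in CHECKS.items()}

if __name__ == "__main__":
    for question, hits in audit(["authenticated", "mobile_app"]).items():
        print(f"{question}: {hits or 'no'}")
```

In this sample, media access comes from the authenticated role rather than the custom role, which is why the audit runs on the stacked set and not on a single role.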