Users, Roles and Permissions

User Roles

User Roles are a useful way of allowing and controlling who can access your site.


Users are added to your site then assigned a role. Rather than assigning individual permissions to each user, permissions are assigned to roles and roles are assigned to users.

How to Add a User and Assign a Role

Step 1: Adding a User

  1. Log in to your website.
  2. From the administrative toolbar, select People.
  3. Click +Add CAS user
  4. Enter their netID in the CAS username(s) box. You may enter more than one netID -- one per line.
    NOTE: Do not enter full email address, enter only their netID
  5. Click Create new account(s).

Step 2: Assign a User Role

  1. Click the List tab OR from the administrative toolbar, select People again.
    list tab OR people button
  2. Next to the user name you just added, Click Edit How to add a role to a user.
  3. Select the appropriate role for the user. See available user roles and permissions based on role.
    list of user roles in drupal menu
  4. Click Save and the bottom of the page.

Available User Roles

list of user roles in drupal menu

Summary of Available Permissions Based on Role


The administrator role is reserved for WDS only.

Site administrator

Site administrator represents the person setting up the website, managing menus and taxonomies, selecting colors, layouts, etc. The site administrator also manages some back-end configuration settings.

In addition to the Content Manager role, this role can

  • View published/unpublished site content
  • Create/edit/delete content
  • Publish content
  • Add/edit/delete taxonomy terms
  • Add/edit/delete menu items
  • Create/delete/deactivate user accounts
  • Change color presets, site logo
  • Change page layouts
  • Edit custom CSS for the site
  • Create shortcuts

Content Manager

A Content Manager represents the member of the departmental staff who has authority to approve content that will be submitted by Content Author users.

In addition to the Author role, this role can:

  • Create/edit/delete menu items
  • Add/edit/delete taxonomy terms
  • Change page layouts
  • Add/edit/delete panes of content


Editor is similar to a Content Manager.

  • Can create, publish, and delete content and taxonomy terms.

Webform Manager 

The Webform Manager role has the authority to view visitor submissions to any Webform content present on the site. This role, however, does not grant any other permissions, and so needs to be combined with one of the already-existing roles in order to be of use.


An Author represents a member of the departmental staff who can create content such as blog posts, articles or events to the site.

In addition to the Reader role, this role can:

  • View published and unpublished content
  • Create and edit their own content.


A Reader represents a site visitor who can see the site in maintenance mode. This role is typically reserved for users who need to review the site before the site has launched.

This role can do the following:

  • Can view the website in Maintenance Mode    
  • View Published content

Princeton User

This is a role that allows people to see "private" pages or webforms. It is automatically assigned to a Princeton netID when someone is prompted to log in to the website. This role only allows viewing of pages and submissions of webforms. The role cannot edit your website.

Removing Users

WARNING: If you delete a user, all their content will be deleted too! Never remove a user from the site. Instead, remove their role. If you must remove them, then make sure you specify that their content remain in the site.

Guest Accounts

Q:Can a non-Princeton-affiliated person edit my site?

A: Only users (i.e. users with a netID) can authenticate to access the Drupal template system.

For a non-Princeton-affiliated person to access the template system for editing purposes, it is recommended that Guest Account Provisioning (GAP) accounts be created so that passwords are maintained externally maintained, rather than from inside the Drupal system.



  • Regularly review who has access to your website. (All WDS staff will appear in the "administrator" role".)
  • When people leave your department, make sure their role is removed/blocked.
  • Only give the highest level of access needed for the person to do their job.