Drupal roles, permissions and editorial workflow
Drupal allows very detailed role and permission management. That is exactly why permissions should be reviewed regularly instead of leaving years of exceptions in place.
Common problems
Drupal user and permission management fits complex organisations, but poor configuration can grant too much access or make editing difficult.
Check:
- whether former employees still have access;
- whether editor roles see only the tools they need;
- whether administrator permissions are used too broadly;
- whether the publishing workflow is documented;
- whether forms and files are properly restricted.
Why this belongs in maintenance
A permissions audit should not wait for a security incident. It is worth doing with a larger update, a new editorial workflow or a provider change.
WebPro reviews roles and permissions as part of Drupal maintenance or audit. If the workflow needs more detailed business logic, it can be solved through custom Drupal development instead of giving everyone administrator rights.
Kaido Toomingas
WebPro Company OÜ
Need Drupal help?
If the article describes your situation, you do not have to read everything first. A real person will help you choose the next step.