Managing users

Submitted by pwadmin on

Users with the User administrator role can manage users. They are given a role separate from content administrators because they are responsible for adding, deleting and blocking users and handing out privileges. They can also change other people's passwords.

Roles

Users are given access to perform different tasks on the website by giving them roles. As a general rule, two users who have the exact same roles can do the exact same things. You can give any user any number of roles or no roles at all.

By default, we set up the following roles on your site:

  • anonymous user - a built-in role to represent visitors to the site who don't have a user account (or who have not logged in yet).They are:
    • not allowed to do very much besides view the site
  • authenticated user - a built-in role to represent people who have logged in with a username and password.They are:
    • assigned the same privileges as anonymous users (i.e.: they aren't allowed to do very much besides view the site)
  • content author - a role for most people who will update the site. They are allowed to:
    • do everything that authenticated users can do
    • create most types of pages,
    • edit pages they have created or been assigned responsibility for
    • view unpublished pages they have created or been assigned responsibility for
    • rearrange items in the menus
    • add meta tags to pages
  • content administrator - a role for people you trust to manage all pages on the website.They are allowed to:
    • do everything that authenticated users can do
    • create every type of page
    • edit every page, even if they have not been assigned responsibility for it
    • view unpublished pages, even if they have not been assigned responsibility for it
    • bypass access control that may have been put on pages
    • delete every page
    • rearrange items in the menus
    • add meta tags to pages and administer the site-wide meta tags
    • administer tags (taxonomies and taxonomy terms)
    • administer automatically-generated lists of pages
    • rearrange parts of the site
    • administer the site's contact form
    • administer the URLs that pages appear at
    • block spammers' computers from accessing the site
  • user administrator - a role for people you trust to manage users and give permissions on the website; i.e.: everything on this help pageThey are allowed to:
    • do everything that authenticated users can do
    • add, edit, block and delete users
    • assign roles to other users
    • change other people's passwords

Adding a user

PeaceWorks usually sets up sites so that only user administrators can add users.

  1. Click People from the black bar at the top of the screen.
  2. Click Add user.
  3. Enter a Username for the new user. Users will need to type in their username when logging on, and they will show up with this name on the site.
  4. Enter an E-mail address for the user. You cannot have more than one user with the same e-mail address.
  5. Enter a Password for the new user. Users will need to type in their password when logging on, and nobody else should know their password. It's a good idea to choose a strong password. Here are some tricks for creating strong passwords:
    • Stick two or more words together to make a word that isn't found in the dictionary (computers can try every word in every dictionary in a matter of minutes).
    • Switch upper and lower case letters, substitute numbers/punctuation for similarly shaped letters. For example,
      • E = 3, i or l = ! or 1, a = @, T = 7, s = 5 or $, H = # or 4, o = 0 or *, …
      • Matthew Wiebe -> m@7T#3w!Eb3
  6. Optionally, set a Statusfor the user by clicking the round button next to the status you want to set.
    • Active users are allowed to log in and use the site normally.
    • Blocked users cannot log in. You only want to block users when they leave the organization or if they mis-behave.
  7. Set Roles for the user by checking the boxes next to the roles you want them to have.The authenticated user role will be checked off automatically. You can check off any number of roles to assign them to that user. As a general rule, two users with the exact same roles can do the exact same thing.
  8. Optionally, check off Notify user of new account to tell Drupal to send the new user an e-mail with instructions about how to log in.

Deleting a user

You should delete users when they leave your organization. If you do not, they will still be able to log in, and possibly make changes to your site.

When you delete a user, you should actually just block their account so that there are still records of what they did. If you really deleted them, every page and comment they wrote would also be deleted.

To delete a user:

  1. Click People from the black bar at the top of the screen.
  2. Find the user you want to delete from the table, and click Edit at the far-right side of the row they're in.
  3. Change their password to something they will not know.
  4. Set their Status to Blocked.
  5. Uncheck all Roles they have assigned to them.
  6. Click Save at the bottom of the page.

Assigning roles

To assign someone a role:

  1. Click People from the black bar at the top of the screen.
  2. Find the user you want to delete from the table, and click Edit at the far-right side of the row they're in.
  3. Scroll down a bit and set Roles for the user by checking the boxes next to the roles you want them to have.You can check off any number of roles to assign them to that user. As a general rule, two users with the exact same roles can do the exact same thing.
  4. Click Save at the bottom of the page.

Resetting someone's password

To reset someone's pasword:

  1. Click People from the black bar at the top of the screen.
  2. Find the user you want to delete from the table, and click Edit at the far-right side of the row they're in.
  3. Enter a Password for the new user. Users will need to type in their password when logging on, and nobody else should know their password. It's a good idea to choose a strong password. Here are some tricks for creating strong passwords:
    • Stick two or more words together to make a word that isn't found in the dictionary (computers can try every word in every dictionary in a matter of minutes).
    • Switch upper and lower case letters, substitute numbers/punctuation for similarly shaped letters. For example,
      • E = 3, i or l = ! or 1, a = @, T = 7, s = 5 or $, H = # or 4, o = 0 or *, …
      • Matthew Wiebe -> matthewiebe -> m@7T#3w!Eb3
  4. Click Save at the bottom of the page.