Control which Roles can be Assigned in Drupal using Role Delegation

Don’t forget to subscribe to our YouTube channel to stay up-to-date.

The roles and permissions system in Drupal is powerful, but it can be tricky to configure correctly. Some permissions give a role too much privileged access where others aren’t granular enough.

An excellent example of this is if you need to create a role to manage user accounts.

Drupal comes with the permission “Administer users” which lets you create user accounts, only give this permission to trusted users.

The above mention permission allows you to create user accounts but you can’t assign them roles without “Administer roles and permissions”. But this permission (“Administer roles and permissions”), will enable you to assign any roles, including the default Administrator role.

From this:

To this:

In some circumstances, you don’t want users who can create user accounts to have the ability to assign any roles, especially the Administrator role.

What if you want to control exactly which roles can be assigned? This is where Role Delegation can help.

Getting Started

To get started, download and install Role Delegation.

composer require drupal/role_delegation

Using Role Delegation

All the module does is offer granular permissions for assigning roles.

Once the module is installed, go to People > Permissions and search for the Role Delegation section.

You’ll notice that you get a specific permission for each role, and you also get the “Assign all roles” for absolute power.

All you need to do is give one of the “Assign {role} role” permission and they’ll be able to assign users into that role.

Assign Role

Once a role has been assigned a few “Role Delegation” permissions, they can assign roles in two ways.

First, if you edit an account you should see the Roles checkbox below Status.

The module adds a new tab on user accounts called Roles. This page has all the allowed roles as checkboxes.

Select a role and click on Save to assign them.

Summary

The functionality that Role Delegation offers should be in Drupal core in my opinion. If you need to control which roles can be assigned then it’s a useful module to add to your Drupal site building toolbox.

FAQ

Q: I can’t see the “Administer roles and permissions” permission on my site?

It was changed from “Administer permissions” to “Administer roles and permissions” in Drupal 9.1.

Ivan Zugec

About Ivan Zugec

Ivan is the founder of WebWash and spends most of his time consulting and writing about Drupal. He's been working with Drupal for 12 years and has successfully completed several large Drupal projects in Australia.

Leave a Comment

You have to agree to the comment policy.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Media Management in Drupal

Download a FREE 8 part video course on managing media in Drupal.