User Management

User Management

A static website is a dead website. Therefore, it is vital that every company who owns or professes to own a website ensure that their staff are contributing to the ongoing flow of content. To that end, it follows we should take advantage of the rich user management tools within Drupal. 

Roles

Decide early on what user roles there are and their use cases. Carefully define these roles, not only in their privileges you select in Drupal, but also in company documentation. You should also explain to users their roles so there are no misunderstandings. 

New Accounts

Define right away if you want to allow new user accounts to be defined and whether they may be defined independently of the user administration module. In most cases, it's usually best if an administrator creates all the new users, rather than allowing users to define themselves (since there's no telling who will wander in and setup an account). 

User 1

No matter what roles you have defined, Drupal convention defines user number 1 as the overall administrator. Be careful who has the login to user 1. Similarly, if your administrator leaves the company, don't delete the account. Rather, change the username and/or password and assign it to their replacement. 

Shared User Logins

This is generally a bad idea. As employees come and go, you don't want to have to redefine everyone's login privileges to maintain security. Neither do you want to leave that shared account unchanged and exposed to mischief. No, it's best practice to always give each person their own login, so that turnover will run most smoothly.