Roles during the lifetime of a website.

Roles for a website can be set up in many different ways.

Taking a look at the stages of a website:

  1. Pre-Live - Developing, building and theming features.
  2. Going Live - Start putting in the content, test features.
  3. Live - Maintaining the website and managing content.
  4. New features - Creating and implementing new features.

With that in mind, let's think about the roles needed to perform the duties.

Admin Role (default):

I'm not a big fan of using this role. The reason is that if the need arises to limit the admin role, it is not possible. For example, the owner of a website may want to give a developer access but not allow that role to manage permissions. This gives the owner control of the website without the risk of being locked out.

Builder:

This is pretty much the admin role, but creating a separate role gives some flexibility at the cost of a little more work. The extra work is simply adding the permissions from any newly installed modules. This is actually a pro because it forces the builder to look through the permissions and learn what they are. As tedious as it is to go through all the permissions, it is critical that the builder of the website knows the permissions inside and out. The flexibility comes from being able to remove permissions from the builder role if needed.

Maintainer:

This role maintains the backend of the website after it goes live. It doesn't need every single permission that the builder role gets, but it is still a trusted role.

Developer:

This role is for giving access to outside developers. What they are doing on the website determines how the permissions are configured.

Content:

This is for the people creating and managing the content. They will not be touching any type of configuration, so make sure the permissions are well locked down. If the website has a publisher+editor workflow, this role can be split into two, and from there it depends on how the publishing process is set up.

Standard User:

Just a regular user of the website. This could be a client, a customer or a content consumer. They get limited permissions; make sure to triple check that they don't have access to something they shouldn't.

No account:

These are visitors to the website who are browsing your content. Give them extremely limited permissions, but enough to do the basics: be sure they can see the node content, access and submit forms, etc.
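
The role rules above can be checked mechanically against an exported role/permission matrix. This is an added example, not part of the original post: the role names follow the post, while the module names, permission names and the marking of which permissions count as configuration are constructed assumptions.

```python
# Added example: audit a role/permission matrix against the role design above.
# Every module and permission name here is constructed for illustration.

# Permissions defined per module; True marks one that changes configuration.
MODULES = {
    "core": {"view content": False, "submit forms": False, "edit content": False,
             "manage site settings": True, "manage permissions": True},
    "newsletter": {"subscribe": False, "configure newsletter": True},  # newly installed
}
# Current assignments (constructed, with deliberate mistakes to catch).
# The default admin role is not listed: it cannot be limited, so the owner keeps it.
ROLES = {
    "builder": {"view content", "submit forms", "edit content", "manage site settings"},
    "developer": {"view content", "manage site settings", "manage permissions"},
    "content": {"view content", "submit forms", "edit content", "manage site settings"},
    "standard user": {"view content", "submit forms", "subscribe"},
    "anonymous": {"view content"},
}
WITHHELD_FROM_BUILDER = {"manage permissions"}  # stays with the owner only
LOCKED_DOWN = ("content", "standard user", "anonymous")  # no configuration at all
ANONYMOUS_BASICS = {"view content", "submit forms"}


def audit(roles, modules):
    """Return sorted (rule, role, permission) findings."""
    is_config = {p: c for perms in modules.values() for p, c in perms.items()}
    findings = []
    # The builder should have reviewed and taken every permission not withheld.
    for perm in set(is_config) - WITHHELD_FROM_BUILDER - roles["builder"]:
        findings.append(("builder-unreviewed", "builder", perm))
    for role, granted in roles.items():
        for perm in granted:
            if perm not in is_config:
                findings.append(("unknown-permission", role, perm))
            elif perm in WITHHELD_FROM_BUILDER:
                findings.append(("can-manage-permissions", role, perm))
            elif is_config[perm] and role in LOCKED_DOWN:
                findings.append(("config-on-locked-role", role, perm))
    # Visitors without an account still need the basics.
    for perm in ANONYMOUS_BASICS - roles["anonymous"]:
        findings.append(("anonymous-missing-basic", "anonymous", perm))
    return sorted(findings)


if __name__ == "__main__":
    for rule, role, perm in audit(ROLES, MODULES):
        print(f"{rule:24} {role:14} {perm}")
```

Running the audit after every module install surfaces the new permissions the builder has not yet reviewed, along with any configuration permission that has leaked onto a locked-down role.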