User Management

Craft calls all member accounts of the system “Users”.

The first user account is created during installation. If you stick with the Solo edition, this is the only account you will be able to create. If you need more you can upgrade to the Pro edition, which offers additional user accounts.

# Admin Accounts

Admin accounts are special accounts that can do absolutely everything within Craft, including some things that there aren’t even explicit permissions for:

  • Everything within the Settings section
  • Make other users Admins Pro
  • Administrate other Admins Pro

The user account you create during installation is an admin by default.

Considering how much damage an admin can do, we strongly advise caution when creating new admin accounts; only create them for those you trust and who know what they’re doing.

# User Groups

If you have Craft Pro, you can create User Groups to help organize your site’s user accounts, as well as batch-set permissions on them.

To create a new User Group, go to SettingsUsers and choose + New user group. You can give your group a Name and Handle, plus any permissions you want every user within the group to have.

After you create your groups, you can assign users to groups by going into their account settings and choosing the Permissions tab.

# Permissions

Craft Pro allows you to set permissions on users and groups, such as the ability to access the control panel, edit content within certain sections, etc. You can apply these permissions directly to user accounts as well as to user groups. When you apply permissions to a user group, all users that belong to that group will inherit them.

Make sure you trust users with access to settings that accept Twig code, like the Settings section and the System Messages utility. It’s possible to do potentially-malicious things in Craft via Twig, which is intented primarily for trusted admins and developers.

The permissions Craft comes with are:

Permission Handle
Access the site when the system is off accessSiteWhenSystemIsOff
Access the control panel accessCp
↳  Access when system is offline accessCpWhenSystemIsOff
↳  Perform Craft and plugin updates performUpdates
↳  Access [plugin name] accessPlugin-[PluginHandle]
Edit users editUsers
↳  Register users registerUsers
↳  Moderate users moderateUsers
↳  Assign user permissions assignUserPermissions
↳  Assign user groups assignUserGroups
    ↳   Assign users to [group name] assignUserGroup:[GroupUID]
↳  Administrate users administrateUsers
↳  Impersonate users impersonateUsers
Delete users deleteUsers
Edit [site name] editSite:[SiteUID]
Edit entries editEntries:[SectionUID]
↳  Create entries createEntries:[SectionUID]
↳  Publish entries publishEntries:[SectionUID]
↳  Delete entries deleteEntries:[SectionUID]
↳  Edit other authors’ entries editPeerEntries:[SectionUID]
    ↳  Publish other authors’ entries publishPeerEntries:[SectionUID]
    ↳  Delete other authors’ entries deletePeerEntries:[SectionUID]
↳  Edit other authors’ drafts editPeerEntryDrafts:[SectionUID]
    ↳  Publish other authors’ drafts publishPeerEntryDrafts:[SectionUID]
    ↳  Delete other authors’ drafts deletePeerEntryDrafts:[SectionUID]
Edit [global set name] editGlobalSet:[GlobalSetUID]
Edit [category group name] editCategories:[CategoryGroupUID]
View [asset volume name] viewVolume:[VolumeUID]
↳  Upload files saveAssetInVolume:[VolumeUID]
↳  Create subfolders createFoldersInVolume:[VolumeUID]
↳  Remove files and folders deleteFilesAndFoldersInVolume:[VolumeUID]
↳  Replace files replaceFilesInVolume:[VolumeUID]
↳  Edit images editImagesInVolume:[VolumeUID]
↳  View files uploaded by other users viewPeerFilesInVolume:[VolumeUID]
    ↳  Edit files uploaded by other users editPeerFilesInVolume:[SectionUID]
    ↳  Replace files uploaded by other users replacePeerFilesInVolume:[SectionUID]
    ↳  Remove files uploaded by other users deletePeerFilesInVolume:[SectionUID]
    ↳  Edit images uploaded by other users editPeerImagesInVolume:[SectionUID]
↳  Updates utility:updates
↳  System Report utility:system-report
↳  PHP Info utility:php-info
↳  System Messages utility:system-messages
↳  Asset Indexes utility:asset-indexes
↳  Queue Manager utility:queue-manager
↳  Clear Caches utility:clear-caches
↳  Deprecation Warnings utility:deprecation-errors
↳  Database Backup utility:db-backup
↳  Find and Replace utility:find-replace
↳  Migrations utility:migrations

See the Extending Craft User Permissions page to learn how to register custom permissions for your module or plugin.

# Checking Permissions

You can check whether the logged-in user has a specific permission by using its handle, replacing any bracketed items in the table above with the desired value (So accessPlugin-[PluginHandle] would become accessPlugin-commerce).

{% if currentUser.can('accessCp') %}
  <a href="{{ cpUrl() }}">Visit the Control Panel</a>
{% endif %}

# Requiring Permissions

You can also require the logged-in user to have a specific permission to access an entire template:

{% requirePermission 'accessCp' %}

# Public Registration

Craft Pro has the option of allowing public user registration, which is disabled by default.

To enable public registration, go to SettingsUsersSettings, and check Allow public registration. With that checked, you will also have the ability to choose a default user group to which Craft will assign the publicly-registered users.

Once you set up your site to allow public user registration, the last step is to create a user registration form (opens new window) on your site’s front end.