Make the user permissions page less daunting for new users

Created on 20 December 2024, 1 day ago

Problem/Motivation

If you aren't very familiar with Drupal, the permissions page (admin/people/permissions) is going to be confusing at best. What does "Content block: Administer display" mean anyway?

I propose extending *.permissions.yml files to add help text. They currently have descriptions, but the help text would be for a longer explanation that would include possible use cases, side-effects, the roles that the permission might be appropriate for, etc. The help text would be conversational and designed for beginners.

I also propose adding sections to each module's permissions. E.g., "Delete own files" could be put in a "user" section, while the much more consequential "Delete any file" could be put in an "advanced" or "admin" section.

There would be a multiselect filter at the top of the page listing the sections and the user could choose which sections they want to see.

Steps to reproduce

I don't know if Drupal CMS is being tested with non-Drupal users, but if so ask them what they think of the permissions page.

Proposed resolution

I posted a module with a proof of concept. See this page for the changes to *.permissions.yml files and see the image on this page for what it looks like.

See https://www.drupal.org/project/permissions_repository β†’

Remaining tasks

If there's interest, I'll clean up the module code and implement the missing parts. I'll also resolve issues with the tooltip module; maybe a variant of that module could be put into core too since it seems like it would get a lot of use.

User interface changes

See the image for what it looks like now. I'm more than willing to defer to others on how these new features appear in the UI.

API changes

TBD. The service I created could just be used by the permissions page, or it could replace the existing service.

✨ Feature request
Status

Active

Version

11.1 πŸ”₯

Component

user system

Created by

πŸ‡ΊπŸ‡ΈUnited States TolstoyDotCom L.A.

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @TolstoyDotCom
  • πŸ‡¦πŸ‡ΊAustralia larowlan πŸ‡¦πŸ‡ΊπŸ.au GMT+10

    I also wonder if we could do some route lookups and list paths the permission would grant you access to

  • πŸ‡³πŸ‡ΏNew Zealand quietone

    @tolstoydotcom, I think this is a duplicate of #1765576: Redesign Permissions Page β†’ . Can you confirm?

  • In the least it should be part of that issue or incorporated into it.

  • πŸ‡ΊπŸ‡ΈUnited States TolstoyDotCom L.A.

    The two issues are related, but I don't think this is a duplicate: the other issue is about how to present the info, this issue is about giving more info. As with art, I know what UX I like but I can't draw a crooked line so I'm perfectly willing to let others handle that aspect of things. No matter what it ends up looking like, the permissions page is going to need more info if anyone expects regular users to use it. Regular users are going to need much more detailed explanations of what various things do.

    And, there needs to be some sort of structure rather than confronting them with dozens of permissions from one module. Field UI has 28 permissions and Node has 42. That's going to overwhelm people and dividing the permissions into sections would make it easier for newer users. One of the node permissions is "Bypass content access control"; regular users aren't going to understand what that means, the side-effects, etc etc without a detailed explanation and examples.

  • In that case I think this issue needs a title update to more clearly indicate its scope. Additionally, you should comment at #1765576: Redesign Permissions Page β†’ to alert the followers of that issue of the existence of this issue.

Production build 0.71.5 2024