Each user has a role, which can be assigned by admins from a menu of roles on the user's profile edit form. Administrators can administer the site. Editors have fairly extensive rights, but not permissions to access technical administrative tasks. Using the 'People' tab from the Admin menu, Administrators can create new users and may wish to create Contributors for their own section of the site.
The key concept is that a logged in user of the site does not have their own permissions directly. The user has a role, and in turn the role has a set of permissions. Therefore to give a user permissions, you assign the relevant permissions to a role, then assign that role to an individual user. A user can have more than one role.
Contributors have very limited rights. They can create content in the relevant section of the site, and can edit or delete content they have created themselves. Because they have fewer rights, the administrative interface they see is simpler.
The important permissions which editors have are to administer all content in their own section of the site, including:
- viewing the content overview page
- creating, editing or deleting all content in their own section of the site
- creating Webforms, and viewing 'Results' of Webforms (Webforms are found on the CAMWS site only)
- administering blocks (from Structure > Blocks on the admin menu)
- adding or deleting items from menus
- creating new users (so an Editor can add someone as a Contributor)
- administering comments (if comments have been activated for a piece of content)
To see a list of available permissions for each role, visit the People > Permissions page. Here it is possible also to create new roles. There a significant limitation on this page. It controls which role can create which kind of content, but not which roles can view unpublished content of a particular type. A particular content type can be placed under more granular access control from Structure > Content Types > [choose the Content type for which you wish to grant or restrict access] > Access Control.