In this article, we will look at an entirely different aspect of running a Drupal website. Once we have added the functionality to the site, we now have to give some thoughts about how this functionality is to be accessed, or by whom. As the site grows, you will most likely feel the need to delegate certain responsibilities to various people. Alternatively, you might organize a team of people to work on specific aspects of the site. Whatever is required, at some stage you will have to make decisions about who can do what, and Drupal makes sure that it is possible to do precisely this.
Having Drupal simplify the implementation of your access control policies does not mean that the task is a trivial one. There is still much thought that needs to go on behind the scenes in order to create a sophisticated, and above all, effective policy for controlling access to the site. Because of this, we will spend a bit of time exploring the ramifications of the various choices available, instead of simply listing them. Taking a holistic approach to implementing an access control policy will ensure you don't end up with any nasty surprises down the line.
Specifically, this article will look at Planning an access policy, Roles, Users, and Access rules.