People
The default behaviour for Drupal is to require that all new users are individually authorised by the administrator before they can log in to the website. The administrator needs to go to the People option of the administration area, select the individual users to unblock, choose the Unblock the selected users action and press the Update button.
The user will now receive an email with a one-time login link to allow them to access the system.
Accessing the website using this link will activate the My Account and Log Out options on the secondary navigation and allow access to create comments on those pages that allow comments. The user can also upload a photograph to represent them and change the default time settings for their account.
In this case there are no opportunities to create content as the security has not yet been specified for this account.
CAPTCHA
One very important security consideration forces us to install an additional Drupal module immediately. The problem is that as soon as your Drupal website goes live it is open to spammers, who can register new users at will. You can prevent the accounts from being activated, but this is still an unnecessary administration burden.
The solution is to install the CAPTCHA module, which will prompt the user for the answer to a simple mathematical question before registering. You can install a module from the module administration page if you know the correct URL. One way to obtain this URL is to browse to the CAPTCHA project page at http://www.drupal.org, copy the link of the latest download file and paste it into the URL field on the module installation page.
The current link is http://ftp.drupal.org/files/projects/captcha-7.x-1.x-dev.tar.gz
Installing the module allows you to enable it immediately, but you must configure the User Registration Form to have the default CAPTCHA type.
Now when a new user wants to register they will need to answer a simple maths question before the request is granted, and you can still control the blocking and unblocking from the People administration menu as before.
Roles
Each user can be assigned one or more roles, which determine the types of content they can work with and the activities they are permitted to perform on the site. There are two roles that are set up for each Drupal site: Administrator and Authenticated User. The Administrator role has rights to all the configuration settings in Drupal and is not normally assigned to anyone but the site administrator. Authenticated User can be used to set up the default security for anyone who has successfully registered as a user in Drupal.
[Set security for Roles]