Drupal's permission system is not powerful enough in many use cases and it can be extremely hard to use the administration UI. Come to this core conversation to discuss how we can improve it.

Problem

As a site build is progressing, the permission page grows. My hand is almost shaking when I have to load that page to make some adjustments. Each time you enable a module it provides new permissions, and you really need to know what you are doing when you grant one of them to your users. Some of these permissions cover others, but the UI doesn't reflect this. In many cases, the granularity doesn't fit for your needs. For example, having an "administer something-type" permission beside the few low-level one is not enough. So we end up granting too powerful permissions to our clients. Just think about the administer users permission.

In a module developer point of view when we define our module's permissions there is no relation between them, so we are not able to implement more detailed right management logic in an easy and convenient way.

Goal

The goal is to make the permission system more usable both for site administrators and developers. Make it possible for the latter to define hierarchy between permissions, and provide a more granular set of permissions. Present these permissions on the UI in a transparent, not overwhelming, way which is straightforward and easy to manage.

Proposed Solution

Introducing a hierarchical permission system, so that module developers can define nested permission sets for their modules and can do permission checks using the hierarchy. This allows us to design a new user interface for managing permissions that gives site administrators a better user experience.

Review the work that has been done since last year's Google Summer of Code.