access_user_profiles_by_role
Security covered
Provides a permission per user role that controls whether a visitor can view
the profile of users who carry that role.
How it works
When this module is enabled, one permission is generated for every custom role
(excluding the built-in *Anonymous* and *Authenticated* roles):
View user profiles with role [Role name]
A viewer may see a profile if they hold the permission for at least one of
the profile user's roles. If the profile user has no custom roles the module
defers to Drupal core's own access rules.
Example
Viewer role Permission granted Can view Author profiles Can view Administrator profiles Anonymous- view user profiles with role author
- (none)
- view user profiles with role author
- view user profiles with role administrator
Configuration
Requires Drupal 11.1+ (uses OOP hooks via PHP attributes).
- Enable the module: `drush en access_user_profiles_by_role`
- Go to Administration → People → Permissions
- Grant the desired View user profiles with role … permissions to the appropriate roles.
Notes
- Users can always view their own profile regardless of these permissions.
- Users with the Administer users permission are unaffected; core handles their access as usual.
- Permissions are generated dynamically, so adding or removing a role will update the permissions list after a cache rebuild (
drush cr).