Stacked Permissions
Stacked Permissions allows you to grant users permissions directly, separate from roles, by assigning them to custom permission groups. This provides more granular control, enabling you to add specific permissions to users or create temporary groups for event-based access. Users will inherit permissions from both their assigned roles and any permission groups they belong to.
Stacked Permissions adds a new way to assign permissions to users — outside of roles — by using permission groups that "stack" directly onto user accounts.
This is ideal for organizations needing more granular or situational permission control than roles can provide.
Features
- Define Permission Groups with selected permissions.
- Assign users to those groups.
- Users receive permissions from:
- Their roles
- PLUS any Permission Groups they belong to.
- Admin interface for:
- Defining "allowed permissions" (what groups are allowed to grant)
- Managing group membership
- View integration:
- Display a user’s permission groups
- Add tabs to user profiles
Configuration Steps
Set Allowed Permissions
Go to: /admin/config/people/stacked-permissions/allowed
- Choose which permissions are available to groups
- Only those permissions can be granted in groups
Create a Permission Group
Go to: /admin/content/permission-group/add
- Give it a name
- Assign permissions (from the allowed list)
- Add users to the group
User Permissions Now Stack
Users receive:
- Standard role permissions
- PLUS permissions from any permission groups they belong to
User Profile Tab
The module includes a view:
/user/{uid}/assigned-permission-groups
This appears as a tab on user profiles (next to View / Edit) and shows:
- Groups the user belongs to
- Permissions granted via groups
This tab is automatically added when the module is installed.
Developer Notes
- Permission group logic wraps Drupal’s AccountInterface::hasPermission() using a proxy.
- Custom entity types:
- permission_group
- permission_group_membership
- Fully compatible with user role permissions
Example Use Cases
- Assign "Editor" permissions to a specific user without changing their role
- Create temporary groups for event-based permissions
- Manage permissions across departments without changing global roles
Similar projects
- Group: broader group content ownership
- Role Assign: simpler UI for role management
- Permissions by Term: restrict access based on taxonomy
Supporting this Module
If this module saves you time or adds value to your project, you can show your support in two ways:
- Buy me a coffee to say thanks:
https://buymeacoffee.com/tylerhastain - Want to contribute or sponsor development?
Reach out directly if you're interested in helping improve or maintain the module — contributions, ideas, and support are always welcome!