#9: Better Control of User Permissions
One of Drupal's great advantages over plain HTML is that it assumes your site will have multiple users with varying levels of permission. For example, you might decide that some users are "writers," able to post their own content… but that their work has to be approved by an "editor" before becoming visible to the public.
Drupal has long offered extremely fine-grained permission controls. For example, you could allow someone to edit (but not delete) his or her own blog entries. With that flexibility comes confusion, though, and the dozens of checkboxes on Drupal 6's default permissions screen often threw new administrators for a loop.
While the number of checkboxes hasn't changed much in Drupal 7, they're better organized and documented. Each permission includes a description of what it does; changing permissions for all logged-in ("authenticated") users also changes logically related permissions; and a new "Administrator" role helps you delegate responsibilities for running the site (see Figure 9).
Figure 9 Drupal 7 automatically gives administrators all rights that authenticated users have.