Drupal relies heavily on its user system to manage permissions for different users and roles. It provides default anonymous and authenticated user roles, and allows the creation of customized roles and access rules to control what different types of users can access. The user management area in Drupal core provides controls for user registration settings, permissions, roles, profiles, and listing and editing of individual users. Care must be taken when assigning permissions and roles to limit users' access to only what they need.