4.6.x core.php hook_perm()
4.7.x core.php hook_perm()
5.x core.php hook_perm()
6.x core.php hook_perm()

Define user permissions.

This hook can supply permissions that the module defines, so that they can be selected on the user permissions page and used to grant or restrict access to actions the module performs.

Permissions are checked using user_access().

For a detailed usage example, see page_example.module.

Return value

An array of permission strings. The strings must not be wrapped with the t() function, since the string extractor takes care of extracting permission names defined in the perm hook for translation.

Related topics

23 functions implement hook_perm()

Note: this list is generated by pattern matching, so it may include some functions that are not actually implementations of this hook.

aggregator_perm in modules/aggregator/aggregator.module
Implementation of hook_perm().
block_perm in modules/block/block.module
Implementation of hook_perm().
blogapi_perm in modules/blogapi/blogapi.module
Implementation of hook_perm().
blog_perm in modules/blog/blog.module
Implementation of hook_perm().
book_perm in modules/book/book.module
Implementation of hook_perm().

... See full list


developer/hooks/core.php, line 1748
These are the hooks that are invoked by the Drupal core.


function hook_perm() {
  return array(
    'administer my module',


joachim’s picture

For the Drupal 7 version of this hook see http://api.drupal.org/api/function/hook_permission/7

dcaillibaud’s picture

Comma can't be used in perm string because permissions are stored in permission table with a comma as separator...

As a workaround, I use the Single low-9 quotation mark utf8 character "‚" instead of comma in my perm string when needed...

JayKayAu’s picture

If someone wants to do something that depends on having this permission, they'll use the user_access() function and need to type in the permission string. If you've put in a single low quotation mark, then the person will have great difficulty when they try to use user_access. Particularly as they'll be causing DB errors and whatnot.

mikeytown2’s picture

Was looking at how to do it; here's how core does it

Karlheinz’s picture

Note to module developers who are creating their own content type:

Most of the common permissions are already set in node.module, so you don't need to add them to your own module. See the node_perm() page in the API documentation.

ash0815’s picture

HTML tags such as <strong>, <em> etc. can't be used because it is being used in name and in the title tag.

HTML-Tags wie <strong>, <em> etc. können nicht verwendet werden da es auch in name und im title-Tag verwendet wird.

cmcintosh’s picture

In Drupal 7 this has changed to hook_permissions

hughbris’s picture

This documentation asks us to see page_example.module without providing a link. Try the page_example.module implementation of hook_perm to save you a few moments searching.

Can we introduce a new documentation principle "don't make me search" with apologies to Steve Krug? :)

[annotation: I now notice other examples of the same failure in the API docs, it's not just this one]

tea.time’s picture

I've just discovered that using the double quotation mark character within a permission name string will not work. The string gets embedded into HTML attributes for the checkboxes on the permissions form, and since form theming functions use double quotes around attribute values, you end up with broken markup.

Single quotation marks, however, seem to work fine.

See: https://api.drupal.org/api/drupal/includes!form.inc/function/theme_form_..., https://api.drupal.org/api/drupal/includes!form.inc/function/theme_check...