The following roles are defined and each has specific permissions. Consult the Access tables for exactly what permissions they have. Most of them control access to specific job related functions and  have just enough permissions to do that job. 
  • Active Volunteer - no useful permissions currently
  • Admin - can do almost anything except a few things reserved for uid=1 (webmaster)
  • anonymous user - read most, write almost nothing
  • authenticated user - read most, write comments and forums
  • Blogger - can create and manage a blog
  • Editor - can edit most things but not much configuration
  • Forum Moderator - moderate forums
  • Hike submitter - submit hikes
  • Maintainer - access to  more trail information
  • Member - member prices
  • News - can add news items
  • Photos - can add photos
  • registering - temporary state between anon and authenticated until email verified - can't write comments but can buy things.
  • Staff - between Admin and Editor
  • Store Owner - configure store and look at orders
  • Tech - Extends Admin permissions