How to disable anonymous user permissions on site build

Question

Using the configuration below I am trying to have my site install without giving anonymous users permission to "View content". I have no other code that would set this permission, and I have this configuration file below in my custom profile. All of my other configs in this profile get imported correctly, but for some reason Anonymous users always get the "View content" permission.

user.role.anonymous.yml

langcode: en
status: true
dependencies: {  }
id: anonymous
label: 'Anonymous user'
weight: 0
is_admin: false
permissions: {  }

Answer 1

I found where it is set: node.install

function node_install() {
  // Enable default permissions for system roles.
  // IMPORTANT: Modules SHOULD NOT automatically grant any user role access
  // permissions in hook_install().
  // However, the 'access content' permission is a very special case, since
  // there is hardly a point in installing the Node module without granting
  // these permissions. Doing so also allows tests to continue to operate as
  // expected without first having to manually grant these default permissions.
  if (\Drupal::moduleHandler()->moduleExists('user')) {
    user_role_grant_permissions(RoleInterface::ANONYMOUS_ID, ['access content']);
    user_role_grant_permissions(RoleInterface::AUTHENTICATED_ID, ['access content']);
  }

So instead in my profile I am going to just use this function: user_role_revoke_permissions()

my_profile_install() {
  user_role_revoke_permissions(RoleInterface::ANONYMOUS_ID, ['access content']);
}

With that function call in my_profile.install I get the permissions set the way I need them.

Answer 2

Use Content Access to block anonymous users viewing any content except logon page, and point 403 page to logon page.