Content Access

Application: 
OSU Drupal 6

The Content Access module is a contributed module that allows a permitted user the ability to set fine-grained access control to content.

This means that content contributors can determine whether or not to allow the visibility of published content.

content access configuration panel including role based access control settings fieldset and per content node access control settings

Using this module, content access can either be broadly restricted by content type, which is configured by an advanced author or administrator.  It can also be configured so that content can be controlled on a per node basis.  When this option is used, a tab is provided on each node that allows the content contributor to restrict the content as needed.  This means that authors can restrict content as well.

The most common use case for a feature such as this is to create something like an "intranet" within a Drupal site whereby content can be seen by members of the site only.

Restrict Content Access By Content Type

Application: 
OSU Drupal 6

Restricting content access by content type is a broad application of the Contact Access module.  What this means is that a permitted user designates a particular content type to be editable and/or viewable by only a certain subset of people.

An example of when this might be used would be if a group wanted to create some type of internal training documentation for the members of their site.  A custom content type such as "Internal Training" could be created, for example, and content access could be restricted to only those roles that it applies to.  In the default OSU Drupal 6 installation, this would be authors, advanced authors, and administrators.

The roles that can configure this are limited to advanced authors and administrators.  Once it is set, it is applied to all nodes of that particular type.

In the following example, we'll restrict the Book page content type so that only authors, advanced authors, and administrators can view and edit the content - please note, though, that this can be done on any content type of your choice:

  1. Go to Admin menu > Content management > Content type > Edit Book page > Access control.
  2. Once in the Access Content configuration panel, in the Role based access control settings fieldset, uncheck all anonymous user and authenticated user checkboxes.
  3. Click the Submit button.

content access panel with anonymous and authenticated users unchecked

From this point on, any visitor who comes across the url of a Book page content type and is not an author, advanced author, or administrator on this particular site, will see the following message:

access denied message to non-permitted user

Restrict Content Per Node

Application: 
OSU Drupal 6

Restricting content access by node is a narrow application of the Contact Access module.  What this means is that a permitted user designates a particular node to be editable and/or viewable by only a certain subset of people.

An example of when this might be used would be if a group wanted to create some type of non-categorized content that should only be viewed by a particular subset of people.

The roles that can configure this are limited to advanced authors and administrators, but once it is set, a tab appears on each node of the content type and an author, in addition to the other roles, is able to desginated whether the content should be restricted to authenticated and anonymous users.

In the following example, we'll restrict the Book page content type so that only certain node IDs are viewable/editable by authors, advanced authors, and administrators - please note, though, that this can be done on any content type of your choice:

  1. Go to Admin menu > Content management > Content type > Edit Book page > Access control.
  2. Once in the Access Content configuration panel, in the Per content node access control settings fieldset, check the Enable per content node access control settings checkbox.
  3. Click the Submit button.

role based access control settings with checked=

Once this setting is checked, it will provide an Access Control tab at the top of every node of this content type.

Within the Access Control tab, you may then select the roles you wish to have access or deselect the ones you wish to prevent access.  In the example below, we are restricting the viewing of the node for anonymous users.

access control tab for a single node

From this point on, any visitor who comes across this restricted Book page node and is not, at least, an authenticated user on this particular site, will see the following message:

access denied message to non-permitted user