Introduction to Configuring Site Access Permissions
If you have a web site providing eCommerce or other professional services, it is a good idea to configure your site so that certain sections and pages are available only to site members, paying customers and/or your staff. Drupal makes this quite easy, once you know a few concepts that I'll explain shortly. In a few minutes you'll be able to create new content that only specific types of people will be able to see. Another nice feature of Drupal is that such content does not even show up in the menus when someone without permission to see these pages visits your site.
This tutorial gives the steps to configure your Drupal site so that “customers” and “staff” have different levels of access and control over what they can do on your site.
The information provided includes:
- A general background of Drupal site permissions and user roles
- Creating two new user roles, and the configuration of their permissions
- Configuration of the Access Control module
- Creating a new content type with special access permissions
About Drupal Site Permissions & User Roles
You may already be familiar with the concepts of anonymous and authenticated users. Anonymous users are people visiting your site without logging in. Authenticated users are people visiting your site who have logged in. Note that up until a person actually logs into the site, they are treated as an anonymous user.
Anonymous users have limited access to sections and other content of your site. Typically, they have the least access of anyone. Authenticated users also have limited access to areas of your site, but they usually are given access to more areas than anonymous users.
The control of who has access to the different portions of your site is handled with permissions settings. However, because a web site can have anywhere from hundreds to millions of authenticated users, handling permissions on an individual user basis is not practical. The architecture of Drupal uses the concept of user roles to handle permission assignments in bulk.
A user role, typically shortened to just role, is nothing more than a set of permissions given a name for easy assignment. When a new user’s account is created, the new user is assigned a role. That’s just shorthand for assigning them the permissions you’ve assigned to some named role. Drupal installs with three default roles, but you can create as many as you like. Each role you define is simply a collection of permissions, available for assignment to new and existing users. The three default roles Drupal installs with are:
- Anonymous users
- Authenticated users
- The administrator (admin) user
There are three key pages you will use to configure your site’s roles and permissions:
- admin/user/permissions where you set individual permissions
- admin/user/roles where you create new user roles
- admin/content/node-settings where you rebuild site permissions after changes
When visiting the admin/user/permissions page of your site, you will see something like this:

[Figure: A portion of the Permissions settings page, showing two different user roles]
The page will continue for quite a bit, with permissions settings for all the modules and features of modules installed on the site. Note that with a fresh Drupal install there are only two roles listed, anonymous and authenticated users. The administrator role is not listed on the permissions administration page because that user role has irrevocable permissions to access everything: individual permissions cannot be removed from the administrator.
If it is not clear already, the key to enabling your site with different sets of permissions for different types of users is to create a unique role for each. The user that is a customer receives a role of “customer”, where that role has the permissions granting access to product support types of pages. Likewise, users that work for your company receive a role of “staff”, where that role has permissions granting access to the eCommerce administration pages of the site.
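The role model described above, as an added Python sketch that is not Drupal code and not part of the original tutorial: it resolves a user's roles to a set of permissions, applies the administrator bypass, and filters a menu so that inaccessible items are not shown. The permission strings, menu entries and the `is_admin` flag are constructed for illustration, and the sketch assumes a logged-in user keeps the authenticated-user permissions in addition to any assigned role.

```python
# Added illustration: a simplified model of role-based access, not Drupal code.
# Role names follow the tutorial; permission strings and menu are constructed.
ANONYMOUS = "anonymous user"
AUTHENTICATED = "authenticated user"

# One entry per role: the set of permissions ticked for it.
ROLE_PERMISSIONS = {
    ANONYMOUS: {"access content"},
    AUTHENTICATED: {"access content", "post comments"},
    "customer": {"view support pages"},
    "staff": {"view support pages", "administer store"},
}

# Constructed sample menu: (title, permission needed to see it).
MENU = [
    ("Home", "access content"),
    ("Product support", "view support pages"),
    ("Store administration", "administer store"),
]


def roles_for(user):
    """None means not logged in. Assumption: a logged-in user holds the
    authenticated role in addition to any roles assigned to the account."""
    if user is None:
        return {ANONYMOUS}
    return {AUTHENTICATED} | set(user.get("roles", ()))


def effective_permissions(user):
    """Union of the permissions of every role the user holds."""
    # Unknown role names contribute nothing (deny by default).
    return set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in roles_for(user)))


def user_can(user, permission):
    if user is not None and user.get("is_admin"):
        return True  # the administrator's access cannot be removed
    return permission in effective_permissions(user)


def visible_menu(user):
    """Menu titles the user sees; items they cannot access are left out."""
    return [title for title, perm in MENU if user_can(user, perm)]


def roles_granting(permission):
    """Audit helper: every role that grants a given permission."""
    return sorted(r for r, p in ROLE_PERMISSIONS.items() if permission in p)
```

Calling `roles_granting` for each sensitive permission is a quick way to review which roles would expose it before assigning those roles to accounts.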
If you have any questions or suggestions for how I can improve the above, please write a comment. Constructive comments will be followed as much as possible. For the next section, please visit Creating User Roles & Setting Their Permissions.