Access and security are collateral concerns born out of the world of the internet. When a website is under development, a major chunk of time and effort goes into securing it against all sorts of malicious activity. With threats and data breaches in mind, every platform has a protocol to follow. For both security and usability, every website grants certain permissions to view, edit, or delete the content on the site. For example, an open source CMS like Drupal provides various modules that let you configure user access.
What is user access?
Every website has a tech team working on the development of the site, and each individual is assigned a certain role in the process. Similarly, user access is the possession of a particular role on the website that grants the user specific permissions. User access is determined by the site owners, who assign roles to users with a login ID and password.
In this blog, we will be talking about the user access permissions in Drupal 8 and understand how it works with the available modules.
Permissions management in Drupal 8
With a lot of different functions and features, permissions in Drupal 8 work a little differently. From viewing published content to changing the state of functions and features, access control in Drupal is assigned through roles. There are 3 default roles, as follows:
- Anonymous: Visitors who are not logged into your site.
- Authenticated: Users with an account whose login is authenticated, with a minimum set of permissions that are given to all logged-in users.
- Administrator: Users who can do everything on the site and change the functionalities.
Limitations of permissions management in Drupal 8
These default roles are quite limited in themselves. They do not define the access in detail and require modules to further strengthen the access control. Following are the limitations:
- The roles you create yourself or the authenticated user role do not receive the permissions given to anonymous users.
- There’s no granular control at various levels.
- When a site has a lot of custom modules and contributed modules introduce important functionality, that code requires more control over access levels than is available.
Thus, we need user access modules that will grant broader access control and permissions.
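An added example (not from the original post or from Drupal itself) that checks the first limitation above against exported role configuration: it lists the permissions a visitor holds as Anonymous but loses after logging in. The role exports are constructed samples shaped like Drupal 8's `user.role.<id>.yml` files, and the function names are hypothetical.

```python
import re

# Constructed samples, trimmed to the keys that matter here and shaped like
# the user.role.<id>.yml files produced by a Drupal 8 configuration export.
ROLE_EXPORTS = {
    "anonymous": """id: anonymous
label: 'Anonymous user'
permissions:
  - 'access content'
  - 'access site-wide contact form'
  - 'use text format restricted_html'
""",
    "authenticated": """id: authenticated
label: 'Authenticated user'
permissions:
  - 'access content'
  - 'access comments'
  - 'post comments'
""",
    "editor": """id: editor
label: Editor
permissions:
  - 'create article content'
  - 'edit own article content'
""",
}

def parse_permissions(yaml_text):
    """Return the entries of the top-level 'permissions:' list as a set."""
    perms, in_list = set(), False
    for line in yaml_text.splitlines():
        if line.startswith("permissions:"):
            in_list = True
        elif in_list and line.strip():
            item = re.match(r"\s+-\s+(.+)$", line)
            if item is None:      # next top-level key: the list has ended
                break
            perms.add(item.group(1).strip().strip("'\""))
    return perms

def effective_permissions(role_ids, exports=ROLE_EXPORTS):
    """Union of the permissions of every role an account holds."""
    return set().union(*(parse_permissions(exports[r]) for r in role_ids))

def lost_on_login(extra_roles=(), exports=ROLE_EXPORTS):
    """Permissions held as Anonymous that a logged-in account does not get."""
    logged_in = effective_permissions(["authenticated", *extra_roles], exports)
    return sorted(parse_permissions(exports["anonymous"]) - logged_in)
```

On the sample data, `lost_on_login(extra_roles=["editor"])` returns the contact form and text format permissions, which would have to be granted to the Authenticated role as well for logged-in users to keep them.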
Top Drupal 8 user access modules
Here is a list of the most popular user access modules for Drupal 8 depending on the functionality you want for your website:
#1 Node View Permissions
Apart from allowing the combining of other user access modules, the Node View Permissions module adds two types of permissions to all content types, namely "View own content" and "View any content".
#2 Menu Admin per Menu
As the name suggests, the Menu Admin per Menu module permits or restricts access to administering only specific menus and their menu items, that is, adding, modifying or deleting menu items. It gives access to certain sections of the menu without giving access to the full admin panel.
#3 Block Content Permissions
With this module you gain access control over administering block content types (custom block types) and block content (custom block library), which lets you create, update, or delete specific types of block content. However, the Block Content Permissions module doesn’t remove the block permissions from the "Custom block library - Blocks" views page.
#4 Protected Pages
Every website has multiple pages with different types of content, and not all information can be shared with every user who has a role. Thus, the Protected Pages module allows the admin to protect certain web pages with a protection password. Further, you can also set session expiry time, bypass permission and global password settings to strengthen the security feature.
#5 Permissions by Term
Based on the taxonomy terms, you can restrict the access to specific content on the website. The permissions are applied to the user roles and work well for nodes, views, menus, etc. The Permissions by Term module also aids in linking the taxonomy terms with specific accounts.
#6 Vocabulary Permissions Per Role
Within the taxonomy access, you can set up permits only for content editors to work with a particular taxonomy vocabulary without hampering the “administer taxonomy” permissions. The Vocabulary Permissions Per Role module gives you control over the number of users with permissions and access.
#7 Override Node Options
You can now set permissions for each field on the node form within the Authoring information and Publishing options fieldsets. The Override Node Options module can also let you make certain fieldsets collapsible.
#8 Block Region Permissions
Control access to block management within each region of your website’s theme with the Block Region Permissions module. The module grants access to see the following:
- Region's header, message, and blocks on block layout page
- Region in region selector fields on block layout page
- Region in region selector field on configure and place block pages
- Can update or delete blocks placed in region
#9 Workflow
A contributed module, Workflow allows you to create workflow states for various node types. Further, it allows transitions between states like updating from “Draft” to “Published” and similar per role. It enables you to set up the Workflow to alter states from form, page, comment, a special block, and a special workflow tab.
#10 Content Access
As per the role and author, the Content Access module lets you manage the permissions for content types. You can specify custom view, edit and delete permissions for each content type or enable the content access settings. Thus, it allows customization of access for each content node.
These modules are more than a boon for your Drupal website. They impart the highest of security walls for the users and help your website remain safe from third-party users. The modules are designed to make sure that the user roles and permissions are not misused by the users, and they optimize the development process for the team.