By dflasse on
Hi,
We'd like to use Drupal as our main intranet platform. There's a simple feature (at least to me) that I can't find. How can I restrict book access to a role? I've found the nodeaccess module but it only secure one node. All children page are not protected. Manually protecting all pages is not an option (some confidential data could be made public by mistake).
Any help greatly appreciated,
Damien
Comments
OG
You could section off areas of the site using Organic Groups module and put your book pages into those groups. Only people signed up to those groups can look at everything within them.
nodeaccess
It doesn't exactly help me. When you make a search, you're able to find pages you shouldn't have access to. I do prefer the nodeaccess behaviour but it secures node but not the book (children pages).
I'm still desperately hoping for a solution. Apart from this, Drupal looks perfect to me.
You may also need to...
You may also need to make sure that those child pages are also associated with the group (I don't think it's done automatically if the parent is in the group)... You could enforce this by setting 'Audience required' for book pages through the OG settings page.
OG
Would this prevent not only access to the book material via the Search function, but also by search engines, so that, e.g., our operations manual wouldn't show up on a Google search?
_
This is a pretty old thread-- so I have no idea if any of the other info is still valid, but google (and other search engines) crawl the site as an anonymous user-- anything anonymous users see the crawlers will see.
Thanks
Thanks, that helps!
Securing Book During Drupal 6.19 install
I've got a book created that needs to stay secure--accessible only to employees with specific roles. I am using the Book Access module for this. The site is offline; but I'm *finally* getting ready to install online. Given that we need to turn off all non-"Required Core" modules for the install, how can I make sure that the book data is not exposed to any search engines (and stays entirely secure) during the install process?
Maybe this is a given, and as long as I enable the "Book" and "Book Access" modules immediately after the install everything will stay secure...but I believe I have to enable "Book" first, and *then* "Book Access". This isn't exactly Top Secret stuff--just an operations manual--but I just want to be sure that nothing might inadvertently get picked up between enabling "Book" and enabling "Book Access" (or any other way) and end up cached on a search listing.
Hope that makes sense...thanks so much.
_
I usually just back up and restore with all modules as they are. Just clear the cache first and it should be fine.
for new site?
So, if I'm installing to the online site for the first time, should I just create a new site with a default database, then maybe install the backup/restore module and "restore" my developed offline site to the default online site?
_
Sorry-- i've no clue about the current state of backup and restore modules (i do all that through the command line). But I would think you'd have to install a base drupal in order to use a module for a restore-- honestly, i'm not sure how that would work (restoring a different site over the current site). Maybe check the docs for the module you plan to use?
My bad
Sorry, I may have butchered the question. I basically just have a site developed on my local machine (using MAMP) and want to make sure I don't temporarily expose any material that's supposed to be restricted during the install to the (as of now non-existent, but about to install drupal 6.19 to server) online site.
I *think* that the answer is just to create a basic/default Drupal 6.19 installation online, then make sure to upload all the contributed modules from my offline site to the sites/all/modules directory, then "restore" the offline database to the new online site; at which point the online site should be a duplicate of the offline site, with the appropriate content, permissions and modules active. Does that sound right?
Thanks for the help...I haven't been able to find this addressed elsewhere...
_
If you have access and can use the command line, then you don't need to go through the extra step of doing an 'empty' drupal install. See http://drupal.org/node/679054 for more details.