Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.
By chrispeat on
We have Organic Groups installed, and have associated a new node type 'group post' to OG. Everything works fine until...
We realised that you can access the Group Posts without logging into the webiste - so if you have the URL the page isnt secure. This is a problem as we have private information held here.
How do we secure the nodes so that only logged in group members can view the node?
Im sure this must be easy but im missing something?
Thanks,
Chris
Comments
Node access
After looking into this more node access seems to work as a blanket restriction - so only a certain user can access the content, however users with a certain role can still gain access to content beyond their role.
Does anyone have any further tips?
HTH
Very late reply...
Chris, I've only just seen your post so this is probably for other people....
In permissions any role that may administer nodes steps outside of all access control mechanisms - this is true for Taxonomy Access Control (TAC) as well as groups.