This page describes the basic usage of the Content Access module. Controlling access per content type is enough for most users, so it's very likely you'll find what you are looking for here.
Why use Content Access instead of Drupal's default access control system?
The Content Access module is a layer on top of Drupal's access control system, but it provides more fine-grained access control (node-level or content type level), greater usability and more options. So instead of ticking/unticking the checkboxes on Drupal's permissions page, you go to the node or content type whose visibility you want to control and change its access control settings.
There is no global configuration page for this module. It's coupled to content, so configuration is accomplished by
- enabling the appropriate permissions in the site-wide permissions area,
- configuring access for content types and
- optionally configuring access for nodes themselves.
Example Use Case - Role Based Access Control
A client asked you to build a site with a section into which the client can put invoices, and only the client and the accountants in the company can access this section. The "section" in Drupal's terms is a content type we'll call invoice.
Next, create user roles called "clients" and "accountants", and assign any users who are clients or accountants into these roles.
- After creating the user roles and content type and enabling Content Access, go to the content type edit page for this content type (e.g. in Drupal 7 'yoursite.com/admin/structure/types/manage/invoice' and in Drupal 6 'yoursite.com/admin/content/node-type/invoice'). There you'll find a new tab called Access Control.
Inside Access Control you'll find these basic Role Based Access Control Settings, which apply to published content of this content type:
- View any invoice content: Allow the checked role(s) to view the nodes (content) of this content type.
- View own invoice content: Allow the author (from the selected roles) of the node to view it.
- Edit any invoice content: Allow the selected role(s) to edit nodes of this content type.
- Edit own invoice content: Allow the author (from the selected roles) of the node to edit it.
- Delete any invoice content: Allow the selected role(s) to delete nodes of this content type.
- Delete own invoice content: Allow the author (from the selected roles) to delete the author's own node of this content type.
Note that users need at least the access content permission to be able to deal in any way with published content.
- Back to our use case, you select View any invoice content for the accountants and clients roles.
- Now published invoices will be visible only to users in the previously selected roles. Be sure to test your configuration by logging out or logging in as another role and trying to view the node.
- On this page you can also enable Per Content Node Access Control Settings.
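The manual test in the use case above can also be scripted. The following is an added example, not part of the original page or the Content Access module: a Drupal 7 script, run with `drush php-script`, that checks the view access of a published invoice against an expected matrix. The node ID and the test account names are assumptions to replace with your own.

```php
<?php
// Added example. Run on a Drupal 7 site: drush php-script check_invoice_access.php
// Assumptions (not from the page): the node ID and the test account names.
$nid = 123; // placeholder: ID of a published invoice node

// Expected node_access('view') result per account; '' stands for anonymous.
$expected = array(
  ''                => FALSE, // anonymous visitor
  'test_client'     => TRUE,  // hypothetical user with only the "clients" role
  'test_accountant' => TRUE,  // hypothetical user with only the "accountants" role
  'test_other'      => FALSE, // hypothetical authenticated user with neither role
);

$node = node_load($nid);
if (!$node || $node->type != 'invoice' || !$node->status) {
  print "Node $nid is missing, not an invoice, or unpublished; nothing checked.\n";
  return;
}

$failures = 0;
foreach ($expected as $name => $should_view) {
  $label = ($name === '') ? '(anonymous)' : $name;
  $account = ($name === '') ? drupal_anonymous_user() : user_load_by_name($name);
  if (!$account) {
    print "SKIP  $label: no such user\n";
    $failures++;
    continue;
  }
  // User 1 and roles with "bypass node access" always pass node_access(),
  // so they cannot be used to validate Content Access settings.
  if (user_access('bypass node access', $account)) {
    print "SKIP  $label: bypasses node access, use a less privileged account\n";
    $failures++;
    continue;
  }
  // node_access() also returns FALSE when the account lacks "access content".
  $can_view = node_access('view', $node, $account);
  $ok = ($can_view === $should_view);
  $failures += $ok ? 0 : 1;
  print ($ok ? 'PASS' : 'FAIL') . "  $label: view=" . ($can_view ? 'yes' : 'no')
    . ', expected=' . ($should_view ? 'yes' : 'no') . "\n";
}
print $failures ? "$failures check(s) need attention.\n" : "All checks passed.\n";
```

A FAIL on the anonymous or `test_other` row means invoices are visible outside the two selected roles.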
Per Content Node Access Control Settings
If the Node-level access control box is checked for a specific content type, a new tab for the content access settings appears when viewing content. You have to configure permissions to access these settings at the site-wide permissions page (Drupal 7 = admin/people/permissions). There are two available permissions here:
- Grant content access - View and modify the content access rules for any nodes on the site.
- Grant own content access - View and modify content access permissions for a user's own nodes.
Once node-level access control is enabled for a content type, roles that have been granted content access will see a new Access Control tab when viewing nodes for which they have content access control.
In addition to role-based access control (as above), the node-level access control page includes a section for creating and managing User Access Control Lists, which allow the user to grant access to specific users to view, update, and/or delete the node.
Select individual users to grant access by entering their name in the Add user lookup field.