We all love Drupal's granular permission and access control system! And yet: its life-saving hierarchy of user roles and permission levels is strictly for creating/editing content. Since Drupal wrongly assumes that all site visitors should be able to visualize all published content, right? But what if this default assumption doesn't suit your specific use case? What if you need to restrict access to content in Drupal 8?
… to limit users' access to certain content on your website? So that not all visitors should be able to see all published nodes.
In this case, Drupal's typical access control system for creating and editing content is not precisely the functionality that you need.
But there's hope!
And it comes in the form of 6 Drupal 8 access control modules that enable you to give content access of different levels, ranging from “average” to “more refined”.
But First: An Overview of Drupal's Typical Access Control System
Now, we can't just jump straight to the “more sophisticated” content access solutions in Drupal 8, not until we've understood how its basic access control system works, right?
As you can see, in the screenshot here below, the logic behind it is pretty straightforward:
- while in your admin panel, you need to access the People menu > Permissions
- and there, you just assign different user types (authenticated, admin or anonymous) with specific sets of permissions (to administer blocks, to post/edit comments, to modify menus on your Drupal site etc.)
As you can see, Drupal's typical access control system is not configured so as to enable you to restrict visitors' access to specific content on your website.
Or to limit user access to a more granular level other than the standard “logged in/not logged in user”.
1. Access by Entity
If you're not looking for anything “too fancy”, just a straightforward functionality for controlling access to view/edit/delete content entities, then this module's THE one.
And here are 2 of its most common use cases:
- you define some access-restricted premium content areas on your Drupal site, for “privileged” user roles only
- you grant publish/edit permissions to certain groups on your website, having specific predefined user roles
2. Content Access
Definitely a go-to module when you need to restrict access to content — to specific content types — in Drupal 8.
It enables you to:
- set up specific access control roles
- define custom granular restrictions based on different user permissions (you could, for instance, limit access to certain content on your website for non-authenticated users only...)
- set up content types with restricted access
Note: do bear in mind that, once you've enabled Content Access, you'll need to rebuild your entire “collection” of access content permissions. The module is going to alter the way they work, that's why.
Tip: if you need to control access to content nodes on your Drupal 8 site, this module's built to help you “refine” your restriction; for that you'll just need to define some more detailed permissions in People menu > Permissions tab.
3. Permissions by Term
A lightweight solution to restrict access to content in Drupal 8. One that enables you to set up access-restricted content sections on your website.
Now, what makes it stand out from the other 5 modules in my list here is:
The refined, taxonomy term-based restrictions that it allows you to create for specific nodes on your Drupal site.
You can limit access to these nodes for:
- specific user roles
- certain individual user accounts
How do you set everything up?
- first, you enable the module
- then, on the term edit page, you define a specific role access for each taxonomy term
And there's more to look forward to!
Unlike Organic Groups and Group, the Permissions by Term module comes with very little overhead, in the form of light contributed code.
In other words: for the taxonomy terms-based access control that it enables you to set up, it adds a new field to your current content types. That's all!
4. Node View Permissions
When it comes to Drupal role-based access control (to content types or nodes) this module's simple, straightforward approach is exactly what you need.
Not as “sophisticated” as Content Acess, yet conveniently easy to configure and to maintain.
And also, the perfect choice if it's just a basic kind of content type access restriction that you need to set up.
Summing up its functionality now, what you should know is that Node View Permissions enables you to define 2 types of... permissions:
- “View any content”
- “View own content”
… for every content type listed on your Drupal site's Permissions page.
5. Group
It enables you, as the site admin, to structure content into... groups.
Different group types, with their own hierarchies of group roles:
- anonymous
- member
- outsider (a logged in user, but not a group member)
- other group roles that, as an administrator, you'll need to create
Needless to add that with Group you'll restrict access to content in Drupal 8 based precisely on these group roles that you'll set up.
Furthermore, it allows you to define:
- the most suitable permissions (view/edit/delete) for specific content types
- the most appropriate group roles
… per group type.
And the best is yet to come:
All group types, group roles, group/content relationships are set up as entities. Meaning that they're fully fieldable, exportable, extendable!
6. Taxonomy Access Control Lite
It's a restricted access to nodes, based on taxonomy terms, users and roles, that you get to define using this module:
A user role-based access control...
Note: mind you don't forget that, in order to restrict access to viewing/editing nodes on your Drupal website, you'll first need to reconfigure the existing user permissions.
The END!
A bit curious now: which one of these solutions, ranging from straightforwardly simple to most refined, would you go for to restrict access to content in Drupal 8?
