Skip to main content

Access Control Using Taxonomy and the Workbench Access Module

A collection of community inputs and evaluation notes for choosing Access Control strategies. Module evaluations were gathered for Group, Workbench Access, and Permission by Term.

(We're going to add entity_hierarchy to this review list.)

// Project Note, an external directory (Grouper) provides Role entitlements during SSO login. SimpleSAML maps Grouper "Groups" to a Drupal Role.

The "Group" module is less needed because SimpleSAML sets up dynamic Role membership at login.  

Key features like Workbench Access, Facets, Feeds, and Contextual URL Taxonomy Filters for Views (Reporting) work well with Taxonomy.
 

See minute 9:00 Regarding Groups versus Workbench
See minute 10:09 Permission by Term /

Note comment RE importing (Feeds) with taxonomy, versus Group related import issues. 
 
Content Access Using Workbench Access
"My Workbench" Content Editor example:

Image
Workbench Example


 

Content Access Using Groups:
Maintainers of the Groups project have been involved with recent Access Policy API in Drupal Core

Roles: Contributor, Publisher Role (Moderator)
permission.yml explanations

Modules: autocomplete feature permissions for D10.2.x (Gin Admin), 
Entity Views Attach, for menu, to show child pages, solid breadcrumbs

Status & State
Workflow - States (mark for review, hold for discussion) - 
Content Transitions 

State: Unpliblished -"Permanent Archive"
State: Unpublished - "Mark for deletion" 
State: Unpublished - "Needs Team Moderation"
State: Published - "Publish this Content Version as Live"
ECA / Rules workflow for content retention

Entity Reference Fields (Group Method): 
"Belongs to" // does not need to enforce permissions
"Displays in" // 

See Workbench comment @ 1:45  RE building "Access Control Taxonomy")

Track revisions, and do not let people delete things
With Revisions, tell people "Don't mess with other people's content"

Place the revision log next to the "Status Change"
"With power comes complexity"  See 16:45 Content Reverting Content Revisions
See: 50:14 on why WorkBench access would be right for a University.

Image

 

Image


Content Access Controls and Taxonomy Demonstration
This is a great approach for building affiliated content platforms:

Media Example:

Image

Facet Filter Example:

Image

Taxonomy Directory:

Image
Taxonomy Directory
Image
Role_Taxonomy_Mapping


A screenshot showing Feeds Imports, with Role Mappings for Departments (Neighborhoods)
https://gitlab.com/rsvp-system/rsvp-system

Image
Feed Import Process
Image
User Intake Screenshot