Drupal Enterprise: Managing Access/Permissions to Site Pages in Drupal 7

These steps detail how to restrict access to selected content on your Drupal 7 site.

Determine content to be restricted

Before following these steps, you must first determine:

  1. How to identify which content will be restricted.  For example, will only certain content types be restricted, will content be restricted based on an option on the page the content contributor chooses, will it be restricted based on a tag, etc.
  2. How you will define which users will have access to the content (i.e. will certain roles have access). If you are using criteria like roles, it would be good to set up the role before proceeding with these steps

Access Configuration Instructions

In order to set up your Drupal site to allow some pages to require access:

  1. Go to structure-->panels
  2. Select the option to edit the default site template
  3. Go to Site Wide Default->Summary (if you are using Groups, you should go to Groups Default->Summary)
  4. Click on Clone (on the right side of the page)
  5. Enter a new variant name (Example: "Intranet Pages")
  6. Click Update and save
  7. Under the new variant, choose Selection Rules
  8. Apply the rules governing the restricted Intranet pages. For example, if you want to restrict access to a certain content type:
    1. From the dropdown menu select Node: type and click Add
    2. Select the content type(s) to restrict (you can also select the content types you don't want to have access and use the "Reverse (NOT)" option.
    3. Click Save
    4. Click Update and Save
  9. Click on Reorder variants
  10. Reorder the variants so the most restrictive one is at the top and click Update and save
  11. Select Content under the restricted variant
  12. Click on the gear to the upper right of the content to be restricted (probably the page content)
  13. Select Add New Rule under visibility rules
  14. Choose the criteria for which the page will be limited. For example, if you are going to restrict access to the pages based on user roles:
    1. Select User: role and click Next
    2. Choose the role(s) that will have access to the content. It may be easier to remove roles that don't have access and use the Reverse (NOT) option
    3. Click Save
  15. (optional) Add a message on the page for people who won't have access to the page:
    1. Click the gear next to Main
    2. Click Add content
    3. Click add
    4. Add text to the page saying something like "Access to this page is restricted.  You must log in to have access"
    5. Click Save
    6. Click the gear to the right of the new pane (it should have a title to match the title you on the text that was just created)
    7. Choose add new rule under visibility rules
    8. Choose the same option set up in step 14
    9. Choose the opposite settings from 14 (i.e. the people who won't have access to the page(s)
    10. Click Save
  16. Click Update and save