Who is allowed to view, edit, or delete particular information on your website? Details like this are vital for the site’s security and usability. Many website also need special access scenarios. Luckily, we have Drupal — fine-grained user access is a breeze with it! First, one of Drupal’s benefits is that it has built-in user roles and lets you create custom ones, as well as give them granular permissions. Second, there are many useful add-on contributed modules in this area as well. So today, we are reviewing user access modules in the latest Drupal version — Drupal 8.

User access modules in Drupal 8

Permissions by Term

With the help of the Permissions by Term module, you can restrict or allow access to specific website content on the basis of taxonomy terms. These permissions can apply to user roles or to individual users. They work for nodes, views, search, menus etc. The Permissions by Term module had a fresh release in May 2018. It is a lightweight alternative to the Organic Groups and Group modules, which are just getting ready for Drupal 8. We have already dedicated a blog post to the Permissions by Term module that you can check out.

Protected Pages

Here is a fresh module right from the development “oven.” Drupal 8’s version of the Protected Pages module has come out in June 2018. It allows you to protect certain website pages with a password. In Drupal 8 version, you can also protect private files. Interesting features include global password setting, session expiry time, protection bypass permission to free certain users from this procedure, and more.

Node View Permissions

This simple module adds two types of permissions to every content type. Namely, these are “View own content” and “View any content.” The permissions can be found on the website’s Permissions tab. The Node View Permissions module easily combines with any other user access modules.

Vocabulary Permissions Per Role

Thanks to the Vocabulary Permissions Per Role module, you can allow content editors to work with a particular taxonomy vocabulary. They will be able to add new taxonomy terms, edit or reorder them, and more. This is possible without granting them the “administer taxonomy” permission, which would give them too much responsibility.

Menu Admin per Menu

Sometimes, it is necessary to allow certain users to add, edit, or delete particular menus. At the same time, they do not have permissions for other menus. With all its flexibility, Drupal will let you arrange this with the help of the Menu Admin per Menu module. Keep in mind that users without full admin permissions may not, by default, see the menus, so you need to place them within their visibility.

Override Node Options

Here is another user access module with a fresh Drupal 8 release in spring of 2018. The Override Node Options module lets you set permissions for each field on the node form. These permissions refer to “Authoring information” and “Publishing options.” The module also lets you make certain field sets collapsible.

Block Content Permissions

Fine-grained access to block management is offered by the Block Content Permissions module in Drupal 8. It adds the permissions to administer custom block types, view restricted block content, as well as create, edit, and delete the content of specific block types. The permissions are assigned to user roles.

Block Region Permissions

Another great example of flexibility it the Block Region Permissions module. It lets you control access to block management within each region of your website’s theme. For this, the special “administer” permission can be granted to specific user roles. Users with this permission will be able to see the region on the block layout page, update or delete its blocks, and more.

Workflow

In addition to new and exciting workflow management features in Drupal 8 core, there are contributed modules like Workflow. Its Drupal 8 version is also a novelty of 2018. The module lets you create workflow states for various node types and allow certain user roles to change these states (or example, from “Draft” to “Published”). To the change of state, you can attach particular actions — nodes get published, emails are sent, and so on.

Taxonomy Access Control Lite

Here is another module that works via taxonomy. The Taxonomy Access Control Lite module manages access to nodes on the basis of taxonomy terms that are applied to them. It grants permissions based on user roles and can also assign them to particular users in addition to what their roles allow. The module supports the permissions to view, update, and delete the nodes.

Nodeaccess (beta)

With the Nodeaccess module, it will be possible to give certain users the “grant node permissions” permission. These users will have a “grant” tab on their node pages. Form there, they will grant the permissions to view, edit, or delete the node to particular user roles or to individual users. Administrators can decide which roles are available to grant these permissions to, as well as make default access settings for content types.

Custom Permissions (beta)

The Custom Permissions module (formerly known as Site Configuration Permissions) allows for creating and managing additional permissions on the administration page. A permission gets a name and a route (which used to be a path in Drupal 7). The permissions can then be assigned to user roles. In Drupal 8, custom permissions are configuration entities that can easily be exported and imported.

Final thoughts

This is just a brief overview of Drupal 8 user access modules. There are many other very good modules, some of which are in the beta or alpha stage, getting ready for Drupal 8. In any case, the choice is great!

Our Drupal team is always ready to choose the most relevant modules for your website and configure them in optimal ways. If necessary, we will create custom modules for you.

Everything can be done to provide your Drupal 8 site with user access scenarios that you need — just contact Drudesk!