Question
About Drupal 8, I would like to ask if it’s possible to restrict the access to some nodes only for a list of people (or an e-group).
Solution: How to assign an egroup to a Drupal Role
1. Create a “Role” on the site.
Admin bar > People > Roles > Add Role
Add a new role from there, such as “cern group 1”, and note the “machine name” displayed automatically right next as your write.
2. Configure the settings of the SimpleSAMLphp Auth module to link this new Role to an egroup
Admin bar > Configuration > SimpleSAMLphp Auth Settings > User info and syncing > Automatic role population from simpleSAMLphp attributes
This is a textbox with a complicated-looking syntax, but its purpose is to link egroups and site Roles.
When first you see this box its content should be similar to
cern_registered:identityclass,=,CERN Registered|cern_shared:identityclass,=,CERN Shared|hep_trusted:identityclass,=,HEP Trusted|verified_external:identityclass,=,Verified External|unverified_external:identityclass,=,Unverified External|administrator:egroups,=,drupal-admins|administrator:egroups,=,drupal-admins-test-mysite
The |
symbols separate assignments and each assignment is of the form <role_machine_name>:egroups,=,<egroup>
.
Therefore, you need to append 1 new assignment at the end of the list and turn it into something like:
cern_registered:identityclass,=,CERN Registered|cern_shared:identityclass,=,CERN Shared|hep_trusted:identityclass,=,HEP Trusted|verified_external:identityclass,=,Verified External|unverified_external:identityclass,=,Unverified External|administrator:egroups,=,drupal-admins|administrator:egroups,=,drupal-admins-test-mysite|cern_group_1:egroups,=,drupal-group-myegroup-1
3. Create an egroup with the same name you defined above
- In this case
drupal-group-myegroup-1
- populate it with the people you want to get this role.