How to create Drupal Roles for a group of CERN members

Question

About Drupal 8, I would like to ask if it’s possible to restrict the access to some nodes only for a list of people (or an e-group).

Solution: How to assign an egroup to a Drupal Role

1. Create a “Role” on the site.

Admin bar > People > Roles > Add Role

Add a new role from there, such as “cern group 1”, and note the “machine name” displayed automatically right next to it as you write.

2. Configure the settings of the SimpleSAMLphp Auth module to link this new Role to an egroup

Admin bar > Configuration > SimpleSAMLphp Auth Settings > User info and syncing > Automatic role population from simpleSAMLphp attributes

This is a textbox with a complicated-looking syntax, but its purpose is to link egroups and site Roles.
When you first see this box, its content should be similar to:

cern_registered:identityclass,=,CERN Registered|cern_shared:identityclass,=,CERN Shared|hep_trusted:identityclass,=,HEP Trusted|verified_external:identityclass,=,Verified External|unverified_external:identityclass,=,Unverified External|administrator:egroups,=,drupal-admins|administrator:egroups,=,drupal-admins-test-mysite

The | symbols separate assignments and each assignment is of the form <role_machine_name>:egroups,=,<egroup>.
Therefore, you need to append 1 new assignment at the end of the list and turn it into something like:

cern_registered:identityclass,=,CERN Registered|cern_shared:identityclass,=,CERN Shared|hep_trusted:identityclass,=,HEP Trusted|verified_external:identityclass,=,Verified External|unverified_external:identityclass,=,Unverified External|administrator:egroups,=,drupal-admins|administrator:egroups,=,drupal-admins-test-mysite|cern_group_1:egroups,=,drupal-group-myegroup-1

3. Create an egroup with the same name you defined above

  • In this case drupal-group-myegroup-1
  • populate it with the people you want to get this role.
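
The mapping syntax from step 2, as an added example (not part of the original post and not the SimpleSAMLphp Auth module's code): a small Python check that parses the string, flags malformed entries and role names that are not machine names, and lists which roles a given set of attributes would receive. It handles only the `=` operator shown above; the function names and the sample user attributes are assumptions made up for illustration.

```python
import re

# Drupal role machine names: lowercase letters, digits and underscores.
MACHINE_NAME = re.compile(r"^[a-z0-9_]+$")

# The role-population string from step 2, including the appended assignment.
PAGE_RULES = (
    "cern_registered:identityclass,=,CERN Registered|"
    "cern_shared:identityclass,=,CERN Shared|"
    "hep_trusted:identityclass,=,HEP Trusted|"
    "verified_external:identityclass,=,Verified External|"
    "unverified_external:identityclass,=,Unverified External|"
    "administrator:egroups,=,drupal-admins|"
    "administrator:egroups,=,drupal-admins-test-mysite|"
    "cern_group_1:egroups,=,drupal-group-myegroup-1"
)

def parse_rules(raw):
    """Return (rules, problems); each rule is (role, attribute, value)."""
    rules, problems = [], []
    for n, entry in enumerate(raw.strip().split("|"), 1):
        role, sep, cond = entry.partition(":")
        parts = cond.split(",", 2)
        if not sep or len(parts) != 3:
            problems.append(f"entry {n}: expected <role>:<attribute>,=,<value>")
        elif not MACHINE_NAME.match(role):
            problems.append(f"entry {n}: {role!r} is not a role machine name")
        elif parts[1] != "=":
            problems.append(f"entry {n}: operator {parts[1]!r} not handled here")
        elif not parts[2] or parts[2] != parts[2].strip():
            problems.append(f"entry {n}: empty or space-padded value")
        else:
            rules.append((role, parts[0], parts[2]))
    return rules, problems

def roles_for(rules, attributes):
    """Roles granted to a user whose attributes are {name: [values]}."""
    return sorted({r for r, a, v in rules if v in attributes.get(a, [])})

def groups_granting(rules, role):
    """E-groups whose members receive `role`; review these for privileged roles."""
    return sorted(v for r, a, v in rules if r == role and a == "egroups")

if __name__ == "__main__":
    rules, problems = parse_rules(PAGE_RULES)
    # Constructed user attributes, for illustration only.
    user = {"identityclass": ["CERN Registered"], "egroups": ["drupal-group-myegroup-1"]}
    print(problems, roles_for(rules, user), groups_granting(rules, "administrator"))
```

Running the same check on the string before saving it catches the two easy mistakes: using the role's display name instead of its machine name, and dropping a comma or the `=` from an assignment.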

After you have followed all the above steps that Konstantinos described in order to link an e-group to a role, there are two modules that you can use in order to restrict access to nodes for a list of people.

These are the Content Access and Permission by Term.

For more info on roles and permissions visit the drupal-tools website.

Hello @kosamara and @sboutas, I’ve followed all the steps above. I’ve cross-checked the machine name of my role and the egroup. I’ve cleared the caches, but I still cannot see that the role is correctly associated with the user in the people page.

Could you help me?

Cheers,

Bastien

Hi Bastien,

In order to see the people associated with the new role they need to sign in again into the website.

Hi @sboutas,

Thanks for your fast reply.
I’ve added myself to this new role, signed in and signed out, and I still can’t see it…

That’s because it takes a long time for the e-groups to sync changes.

Unfortunately that’s on the FAP department, which manages the e-groups application, and there is nothing we can do.

Usually the sync happens in a few hours, but it might also take a day.