User permissions

ASURA websites restrict who may administer the sites, add and modify content, and for the volunteers site, see restricted content. This page explains how a site administrator can implement the necessary permissions for a volunteer.

Overview

Both the main ASURA website and the "Help for Volunteers" website are mainly viewable by anyone, i.e., without any sort of sign-in.

The Help for Volunteers site has some content that is sensitive, and should be available only to those who need it. That content can be viewed only by volunteers who have been given permission. Those volunteers must sign in to the site to see the content.

A combination of user roles and content types are used to control access. These are both features of Drupal.

How to manage access

In most cases, volunteer roles determine what access is needed. The site administrator may provide appropriate access to anyone who requests it their role makes it obvious that they need it. If you are not sure whether they have one of these roles, or if they are requesting access for another reason, ask the current ASURA president before proceeding.

  • Office volunteers, those who work with technology, the business manager, and some others need to have contact information for people they work with at ASU and the ASU Foundation.
  • Seminar committee chairs need access to technology accounts to set up Zoom meetings, post video recordings to YouTube, and create surveys in Google Docs.
  • Video history project personnel who are managing the Apple computers belonging to that project need access to technology accounts when working with Apple software and hardware.
  • The business manager needs access to contact information for Foundation personnel, and also needs administrative access to Wild Apricot to manage our Wild Apricot account.
  • The Treasurer and perhaps members of the Finance committee need access to information about ASURA's financial accounts.
  • Those who maintain content on the site need editor access.
  • Those who have accepted responsibility for helping to manage the sites need administrator privilege.
  • Those who are no longer actively volunteering in one of these roles should have access removed.

 

You will need the volunteer's ASURITE User ID if they have one. Additions are made in administrative mode using the People menu, List tab.

  • If the person has an ASURITE User ID and can log in using it, click on the +Add CAS user(s) button to add them. Enter their ASURITE ID in the box labeled CAS Username(s). Click on the appropriate role(s) for them, and click on the "Create new accounts" button.
  • If the person cannot log in with an ASURITE User ID, use the +Add user button. Enter their email address where indicated, create an appropriate username and password, click on the appropriate roles, uncheck the "Personal contact form" box, and click "Create new account". Let the person know what their Username and Password are for accessing the site, and how to log in -- which is via the "Login Without ASURITE" page that is available from the Website Tasks-Other Tools menu.

 

If a volunteer already appears in the list of users for a site, you can add or remove access:

  • Click on the Edit button next to their name in the list of users.
  • Scroll down to the list of roles and check or uncheck the boxes next to the permissions in question.
  • Save (button on the bottom).

ASURA's Webspark sites use these roles. 

  • Anonymous user - someone who is not logged in
  • Authenticated user - someone who is logged in. 
  • Administrator - someone who has full privileges to manage any aspect of the site.
  • Editor - someone who updates site content.

The volunteer site additionally uses these roles:

  • Technology - for those who need to see account IDs and passwords for ASURA services.
  • Support-calls - for those who need to see the names and contact information for ASU and ASU Foundation people that provide specific support to ASURA.
  • Finance - for those who need to know detailed information about ASURA's financial accounts.

Roles can be created for other purposes using Drupal's administrative menu: People-Roles.

ASURA has installed the Content Access module on its volunteer site. This is a custom Drupal module, i.e., it is not included in Webspark.

The Content Access module adds an "Access control" choice to content type administration. When you choose the Access control tab for a particular content type, you are presented with Role Based Access control options, i.e, you can select which user roles have privileges to view, edit, and delete content of that type.

Thus, on the volunteers site, there is a content type Tech-Accounts, and using Access control settings, the user roles Administrator and Technology are the only ones assigned permission to view Tech-Accounts content.

The content type Support-Calls is similarly restricted to those who have been assigned the "Support-Calls" role, and pages with content type Finance are restricted to people with the Finance role.

The most common problem with access is that a particular role (usually the Editor role) has not been assigned the privileges it needs.

This is particularly an issue if you have added a new content type that you want those with the Editor role to be able to use. Review this in the Administrative menu of the site by using the People menu, Roles tab.

  • Click on the Edit permissions pulldown from the Edit button for the role you are having problems with.
  • Scroll down to the Node section of permissions and make sure the boxes for adding/editing/deleting content for the new Content Type are check.

 


Updated 9 May 2022 by Connie McNeill