You are here

Creating Restricted Catalogue Zones

We started a series of recent articles on integrating a Document Catalogue with Document Control.  Our Catalogue model might look simplistic, but Drupal provides a number of modules and methods to extend the functionality to cover the needs of most small to medium businesses. In the real world, public access to most of the Catalogue would be severely limited.  Ours is open for the purposes of training and discussion. But how would we restrict access to documents with Drupal?  How could we customize the Catalogue to limit access to documents, and even sub-catalogues based on user profiles?

One solution lies with the Drupal Content Access module, which provides methods for restricting user access to certain types of Drupal Content, based on content specific or user type rules.

Whilst there are many commercial products available to probably build Document Management Systems more effectively (eg.  IBM's Lotus Notes collaboration solutions for small businesses), our catalogue model is intended for training but could be applied in a small business. As we expand and refine the Catalogue and corresponding Document Control system, and explore the essential aspects and requirements, we will continue to improve it's effectiveness and appeal.

Within an IT Service Management organisation there are several areas, departments and teams  whose documents, records and catalogue indexes would clearly be isolated the from general support procedures and documents available generally across most teams.  For example, Human Resources, Payroll, Marketing, Security, Facilities and Senior Management would normally have isolated, or zoned off areas of the Catalogue.

In our Drupal Catalogue, we would do this by creating a clone of the DCS Record and use the Content Access module to define acess rules. In our model, we called the new record "secRecord" which has replicated all the fields of the Record content type. Here is a sample secrecord for the HR Department.

So to start with, we could build a simple sub-Catalogue, whose control DCS record is a secRecord type, and whose documents and procedures are all managed with secRecords. The following Catalogue in our system contains a list of restricted department documents / sub-catalogues, and is not actually visible to general staff (or the QualityHelp public readers.  However, logged-in users, and members can see this catalogue.

Building sub-catalogues within the restricted zones, and registering confidential documents and records in the Document Control System follows the same Registration Process as elsewhere.  The access limitation is applied by using secRecords where required. More complex security structures can be built with the addition of more security control records (secRecord2, 3, 4 etc) as well as additional user profiles (Manager, Security, HR, Payroll etc).



The above Catalogue Map has been registered as a pdf in the public area of our Catalogue. It should be an easy exercise for interested readers to locate this document, and open the attached file.



How useful or interesting would you rate this article?
How would you rate the article content for detail and clarity?
How would you rate this article for relevance to your role, company or studies?
How would you rate the overall layout, content and usefulness of the QualityHelp site?
Please rate this article
Please provide feedback or suggestions

Site maintained by the QualityHelp Community