Given what you know about your audience, the content oriented tasks they will be performing on the site, and the types of content you will have them interacting with, at what level of granularity will you to control your content?

This analysis is closely connected with the roles analysis in that we are discussing who can do what. But right now, we are focusing on the who can do what with regard to content. In this analysis you are determining if you want to control who can view, create, edit, and delete your content. Your answer is probably yes but to what extent?

Decisions made during this analysis will affect

• the tools you install to manage access to your content
• how many different content types
• how you manage access to content fields and vocabulary terms.

Levels of Control

Out of the box, Drupal gives you the opportunity to say that all your nodes are viewable or not by a role. In other words, anonymous users can see all your content nodes or they can't see your content nodes. Or only authenticated users can see all your nodes. You add more roles but the condition doesn't change, it's all or nothing. But all is not lost. You do have options.

All or Nothing Access of Content Types

If you have decided to create different content types (Drupal input forms) for your various types of content, maybe you want to control access by content type. For example, anonymous users can see all nodes created with the Page content type but they need to be an authenticated user to see the Story, Blog, and Forum content types that you have enabled. There are modules that help you manage access at the content type level. But what if you need something in between?

Partial or Teaser Access of Content Types

What if you want your anonymous users to see a teaser of the content you have because you want to entice them to create an account to see the rest. Or what if you want to sell them access to the rest? Depending on your requirements, there are modules that will help you with this but you need to plan.

Field Level Access

Content types are made up of input fields. By default, the Drupal content types have two input fields: title and body. You can add different types of fields using one or more contributed modules. When considering content access, do you want to control user access field-by-field?

For example, assume you have a content type used to input project reports. There are ten fields that need to be completed by different roles on the project. With custom fields, you can assign edit rights to edit five fields to one user role and rights to another user role to edit the remaining fields. 

Node Level Access

When applying node level access, you are determining assigning permissions to the node one at a time. Depending on which module choose, permissions can be set by role or by user.

This level of control comes in handy when you are managing a collaborative writing process where you want three people to compose a report in the same node. With node access controls, you can assign a node to the three authors and they can each have edit access to the node and they can take turns adding and editing content in the node. 

Group Level Access

Organic Groups module(s) offer you a way of creating a "space" where members of a group can create content that only members of the group can access, if the group is configured to that level of control. Using groups to manage access to content is like setting up mini sub-sites in your own site.

Vocabulary Terms

If you are not using a content type approach for differentiating one type of content from another, you are probably using a vocabulary of terms. Each term representing a type of content. There are modules that allow you manage access to content through the terms that it has been assigned. So if you have all your content organized by term, you can apply access conditions to those terms.

Conclusion

There are probably more ways to consider content access and more ways to manage it. The strategies above are commonly used practices for controlling access to content. The objective is determining what you need and then exploring different options.

As you can see, your decisions regarding content types and content data are influenced by the level of control you need to engage in your site.