Content type permissions



The team made a security model earlier. Here’s the content types part of it.

Content types

Content type View access Change access
Person Public: Name, majors, projects
Org manager: the rest
Org manager
Project Public Org manager
Event Public Org manager

For Project and Event, anyone can view all the fields. Only managers can change the data.

Person is more complicated. Anyone can see three of the fields. Managers can see all of them, and change the data as well.


Go to People | Permissions. Scroll down to the Node section. You’ll see permission settings for Person, Project, and Event. Give Org managers and Administrators permission to make any change. Anonymous and Authenticated can’t change anything. Here are the permissions for Person:

Person permissions

Hiding Person fields

We want to hide most Person fields from anonymous users. That’s usually done with the Content access module. At the time of writing, just after the official release of D8, the module doesn’t have a stable release.


Exercise: Your gamerz: content type permissions
On your gamerz site, set the permissions for the person, project, and event content types. If you have not already done so, you will need to create the Org Manager role to properly complete this exercise.

Submit the URL of your site, and the login credentials for user 1.

(If you were logged in as a student, you could submit an exercise solution, and get some feedback.)