Chapter 4: User Management

Andy Austin; Christopher Harris

ltr: Vol. 44 Issue 4: p. 15


Chapter 4: User Management
Andy Austin
Christopher Harris

Abstract	“We've seen a number of library sites really take off and come up with new ways to reach their patrons—especially by marketing library programs,” Michael Samuelson, Web Developer, Idaho Commission for Libraries The Idaho Commission for Libraries (formerly called the Idaho State Library) is an organization that helps libraries in Idaho “better serve their clientele,” says Web developer Michael Samuelson. Part of that effort — to help libraries better serve their users — is helping library staff members develop Web sites that “reach out to patrons and provide, essentially, virtual branch[es],” Samuelson notes. The Idaho Commission for Libraries is doing just that with its “E-Branch in a Box” project, which provides “Drupal-powered Web sites to, mainly, public libraries.” The Commission's E-Branch project is just one of the many aspects presented in “Drupal in Libraries,” the fourth issue of Library Technology Reports this year. Written by Andy Austin and Christopher Harris — both who work for the School Library System of the Genesee Valley BOCES (Board of Educational Cooperative Services) in New York State — the issue features helpful case history examples of Drupal use in libraries. Most of the report, however, is dedicated to a useful and user-friendly how-to guide for libraries interested in utilizing Drupal — and its dedicated developer community — to build dynamic and easy-to-use library Web sites. “Welcome to a New Paradigm” In “Drupal in Libraries,” Austin and Harris start the report with a discussion of content management systems and identify benefits of using them for “content” organizations. “Libraries are about content: acquiring it, storing it, indexing it, retrieving it, and presenting it,” explain the authors in chapter 1 (“Welcome to a New Paradigm”). “Content management systems help libraries accomplish these tasks on the Web by providing a back-end structure for a Web site so the authors can focus on content.” Also in the “Drupal in Libraries” issue: Why Drupal? Who is Drupal? System Requirements and Installation “Adding ‘Stuff’ to a Drupal Site” (Chapter 3) and “User Management” (Chapter 4) Drupal Customization, Case Studies, and Drupal Resources About the Authors Andy Austin is a Library Technologies Specialist with the Genesee Valley BOCES, where he spends much of his time developing Drupal sites. In addition to his BA in English from SUNY Geneseo and MLS from the University of Buffalo, he has New York State teacher certification as a school library media specialist. When not spending time with his wife, Vicky, and two young sons, Eric and Nate, he can be found maintaining the Drupal Marc project or infrequently posting on his personal Drupal site, http://posttext.com. Christopher Harris, author of the Infomancy blog, is the coordinator of the school library system for Genesee Valley BOCES, an educational services agency that supports the libraries of 22 small, rural districts in western New York. In addition to blogging on Infomancy, Christopher is a technology blogger for School Library Journal on Digital Reshift as well as a regular technology columnist. He was a participant in the first American Library Association Emerging Leaders program in 2007 and was named a Library Journal Mover and Shaker for 2008. Christopher is an avid gamer as well as a dedicated reader. He lives with his wife, an elementary librarian, in Le Roy, New York.

We previously mentioned that, rather than use the term CMS, many in the community prefer to call Drupal a CMF, or content management framework. Others prefer just to change the C from content to community or collaboration, and use the phrase community management system. This is to emphasize Drupal's superior user-management features that are especially suited to collaborative content authorship.

Using the Drupal Web interfaces, you can create users, identify user types or roles, and fine-tune permissions based on these roles. You can also empower users to register themselves on your site (with optional approval) and manage their own profiles, usernames, and passwords. To bolster the core user management, user management has been designed to be extensible. Many other modules have taken advantage of this and are available to expand core user management to address more specific needs (see figure 9).

At a basic level, the Drupal user-management system controls which users can see what content in your site. Perhaps more important, it mitigates the layers of permissions for contributors to the site, refereeing who can submit and edit what content and what happens to that content when it is submitted. Drupal does not dictate a specific work flow for Web authoring, but instead, with the right configuration, it can be adapted to fit the publishing work flow that is needed within your organization. This can allow you to distribute work on the Web site throughout a library. The Children's Services department head could be given permissions to create and publish new stories, while other staff in the department may be able to create content but not publish it without additional authorization.

Drupal handles these distinctions by using a role-based system of permissions. Users are assigned roles, and these roles are given specific permissions. Permissions can be assigned only to roles, not to individual users. Given this, it is important to understand that users can be assigned multiple roles and their permissions accumulated depending on which roles they have been assigned. This is different from many other systems, in which a user may be placed only in a single system role or group. Multiple roles can be created to build a scaffolding of permissions.

Using Roles

When you install Drupal, there are already two roles defined:

Anonymous—users who have not logged in. Drupal treats all Anonymous users the same way; it has to because it doesn't know anything to differentiate them. This means that there is only one level in the Anonymous hierarchy.
Authenticated—any user who has logged in. Users will be considered Authenticated users even if you assign them additional roles, as this is the top-level role in the Authenticated hierarchy. It is critical to remember that every user who logs in gets any permissions granted to Authenticated users (see figure 10).

During the installation process, you create a super-user account (with an internal ID of 1) that bypasses all security checks. This user does not need any roles or permissions assigned; instead, this person always has permission to do anything. Using this account is sort of like using root in Unix; you want to use it only when necessary, and you may even want to disable it for security reasons. Instead of using this first account, you will probably want to create a role called Administrator and have other users who will be administering the site assigned to this role. You will just need to assign all the permissions to the Administrator role and remember when you install new modules to revisit the Permissions table and give the Administrator role the new permissions that come with the new module.

Additional roles can be set set up for different groups of staff in your library depending on your needs. Since our staff is small and our organization is not very complex, we generally add only three roles for our organizational sites: Administrator, Staff, and Librarian. Administrators are the technical people who manage the sites; Staff work at our office and need some permissions on the back-end but don't need to see the complexities of Drupal; and Librarians get some special privileges to add content and see various resources that we provide to them.

Assigning Permissions

In a larger library with a more complex organization, you want to take the time to fine-tune your roles and permissions. For example, you might want to provide a Web form that allows patrons to submit a reference question. You could have a role for staff working at the reference desk. You could then assign permissions so that only users who were given the role Reference Desk could read and respond to the reference questions. If you wanted to have departmental blogs on your site, you wouldn't want all your staff to be able to blog, just your designated bloggers. So you could create another role, Bloggers, and give that role permissions to blog on the site (see figure 11).

In this scenario, you are going to have staff who work the reference desk and don't blog, staff who blog but don't work the reference desk, staff who do neither, and staff who do both. Fortunately, users can have multiple roles in Drupal, so one user can have the two roles Reference Desk and Blogger and get all the permissions assigned to those two roles, as well as any permissions granted to Authenticated users.

Managing security when roles overlap is slightly tricky; remember that Drupal only adds permissions to a role and does not block a permission for a role. Practically, this most often comes into play when you are trying to remove a permission from a user or a group of users on the site. For example, you might uncheck the permission Post Comments Without Approval for your Blogger role, but if the Reference Desk role still has that permission, then any users with both roles will still be able to post comments without approval.

More concretely, permissions are set in Web UI. The Permissions page is organized as a long table of roles and permissions, divided up by which module is setting those permissions. This is not the easiest form to use, so don't despair; it may look overwhelming at first, but it will eventually make sense to you. Start by just reading through the permissions that are available and pragmatically decide who needs which permissions.

As a final note, any time you set up a site, you will want to create a test user with each role and test your site as these other users. Sites are often built as an Administrator user or even as User 1. This can give you a false sense that everything is working on your site. You also need to test each user and make sure that they are not getting permissions that were not intended.

Figures


[Figure ID: fig1]	Figure 9 Drupal screen for managing users.
↑ To Top
[Figure ID: fig2]	Figure 10 Drupal screen for managing roles.
↑ To Top
[Figure ID: fig3]	Figure 11 Drupal screen for assigning permissions.
↑ To Top


Article Categories: Information Science Library Science

Refbacks

There are currently no refbacks.

Published by ALA TechSource, an imprint of the American Library Association.
Copyright Statement | ALA Privacy Policy