Last updated 19 March 2010. Created on 21 June 2007.
Edited by dooug, MatthewS, LeeHunter, webernet.

You may find this article helpful if you want to:

  • create a separate content area for each department of an organization,
  • assign writers and editors to specific sections of an online publication, or
  • create a locus of collaboration for each of your organization's clients.

What all the above scenarios have in common is that they require access control--that is, access to certain parts of your site must be restricted to certain users. There are four steps:

  1. Categorize the site with the taxonomy module
  2. Create user roles
  3. Set role access control with the taxonomy_access module
  4. Assign users to the newly-created roles

The rest of this tutorial will use as an example a company website that will have areas for two departments: accounting and public relations. The goal is to restrict editing of each department's area to members of that department.

Step 1: Taxonomy
First, make sure the taxonomy module is enabled. Go to administer > content management > categories > add vocabulary. Add a vocabulary called "Department." Disable hierarchy. For types, check "Page" and "Story." Leave everything else at the defaults for now. Now click "add terms" in the Department row of the vocabulary table. Add two terms: "Accounting" and "Public Relations." When users submit new content, they will have a chance to categorize it under one of these departments. So far, anyone can write for any department. The next four steps will restrict that privilege.

Step 2: Roles
Go to administer > user management > roles. Add a role called "accounting staff." Click "edit permissions" for that role. Check everything under "node module" except for "administer content types." This gives your editors the ability to edit. Add another role called "public relations staff" and give them the same permissions. Ensure that you have disabled "edit page content" and "edit story content" under Node Module.

Step 3: Access Control
Download and install the taxonomy_access module if you haven't already done so. Read the module's documentation now, or what follows may not make sense. Go to administer > user management > taxonomy access: permissions. Click on "edit" next to "authenticated user." Expand the "Departments" menu. You should see three rows: "Default," "Accounting," and "Public Relations." Set View to Allow, Update to Deny, and Delete to Deny for both departments and the default. Check "List" and uncheck "Create" for both departments and the default. This ensures that average users won't be able to modify any department's area.

Now go back a screen and edit the accounting staff's permissions. Since you're currently editing the accounting staffers' privileges, you want to enable editing of their department's content and disable editing of the public relations department's content. Set Update and Delete to Allow in the Accounting row. Check "Create" in the accounting row. Check "List" in both rows. Set everything else to Ignore. Repeat the process for Public Relations.

Step 4: Assign Users to Roles
Go to administer > user management. Click "edit" next to a username and assign the user to either department. That user will now be able to edit her department's area, but not the other. If you want, you can give users access to both by assigning them to both roles.
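
The grant matrix from Steps 3 and 4, as an added example (not part of the original tutorial and not the taxonomy_access module's own code). It is a simplified Python model that assumes one Department term per node and that an Allow from any of a user's roles overrides a Deny from another role; the function names can and audit are hypothetical.

```python
# Added illustration: simplified model of the Step 3 grant matrix.
# Assumptions: one Department term per node; an Allow from any of a user's
# roles overrides a Deny from another role; Ignore contributes nothing.
# Node-module permissions from Step 2 are outside this model.
ALLOW, IGNORE, DENY = "allow", "ignore", "deny"
TERMS = ("Accounting", "Public Relations")
OWNER = {"accounting staff": "Accounting",
         "public relations staff": "Public Relations"}


def row(view, update, delete):
    return {"view": view, "update": update, "delete": delete}


# role -> term -> grants, as set in Step 3 (Default row omitted).
MATRIX = {"authenticated user": {t: row(ALLOW, DENY, DENY) for t in TERMS}}
for role, own in OWNER.items():
    MATRIX[role] = {t: row(IGNORE, ALLOW, ALLOW) if t == own
                    else row(IGNORE, IGNORE, IGNORE) for t in TERMS}


def can(roles, term, op, matrix=MATRIX):
    """True if any role the user holds grants Allow for op on term."""
    # Every logged-in user also holds "authenticated user".
    held = set(roles) | {"authenticated user"}
    return any(matrix.get(r, {}).get(term, {}).get(op) == ALLOW for r in held)


def audit(matrix=MATRIX):
    """List (role, term, op) where a staff role can write outside its own area."""
    return [(role, term, op)
            for role, own in OWNER.items()
            for term in TERMS if term != own
            for op in ("update", "delete")
            if can([role], term, op, matrix)]


if __name__ == "__main__":
    for who in ([], ["accounting staff"], ["public relations staff"]):
        for term in TERMS:
            print(who or ["(no staff role)"], term,
                  "update:", can(who, term, "update"))
    print("cross-department write access:", audit() or "none")
```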

It is important to remember that the "areas" you have created are abstract: a node is part of an area simply by virtue of its categorization. To make your areas more concrete, you can use pages that automatically list the nodes for the department. To do that, you can make a link or a menu item like this:

<a href="taxonomy/term/1">Accounting</a>

where 1 is the term id for Accounting.

These steps create an editor role that has full executive control over its department. You will probably also want to create writer roles with scaled-back powers (probably just Create and not Update or Delete).

NOTE: A related tutorial has been written 'Groups as Roles' at
