Preventing Drupal Headaches: Permissions and Roles Checklist

    Presentation Transcript

    • PERMISSIONS CHECKLIST Friday, January 31, 14 1
    • training.acquia.com/events
    • Who is this for?
      • Starting a new Drupal site!
      • New to Drupal?
      • Inherited a new Drupal site and want to know more about configuration
    • In this demo
      • Permissions and roles basics
      • Tools for improving security checking
      • Common danger zones: WYSIWYG and Views
      • Hidden per-module permissions you might miss.
    • Not in this demo
      • General security best practices around external libraries, theming, custom code, etc.: drupal.org/security/secure-configuration
      • Writing secure code: drupal.org/writing-secure-code
      • How to report security issues: drupal.org/security-team/report-issue
    • The basics
    • Add roles
    • Organize roles
    • Inherited settings
    • Permissions to watch
      • Comment management
      • Block editing permissions
      • Menu editing permissions
      • Select modules which give you more granular permissions.
    • Core configuration
      • Create an “Admin” account for yourself. Use user/1 when needed.
      • Comment settings
      • Content type settings
      • Contact form settings
      • Account settings (not under permissions!)
    • Account settings 1
    • Account check
      • Who can create accounts?
      • Contact form
      • Signatures
      • User picture upload?
      • To delete: Disable accounts and keep content.
    • Account settings 2
    • Two helpful modules!
    • Security review module: https://drupal.org/project/security_review
    • Configure untrusted
    • Review results
    • Review results
    • Test as you develop
      • Create test user accounts for each role.
      • Use other browsers
      • Use “incognito mode” in Chrome or other
      • Use Masquerade
    • Development tool
      • Not in a live production site. Disable, remove.
    • Masquerade demo
      • Add test user accounts for each role
      • Configure the administrators
      • What users to switch between
      • Place the block
    • acquia.com/insight
    • Surprise! Modules with specific permissions
    • What to check?
      • Any modules which have specific permissions per role.
      • Check custom modules.
      • Use Masquerade to check per role abilities.
      • Check site as anonymous.
    • Flag
      • Basic permissions
    • Flag permissions
      • Permissions per flag
    • Webform
      • Configure per webform
    • IMCE
    • Commons - Organic Groups
      • Content permissions across the site
    • Commons - Organic Groups
      • Group-specific permissions
    • Commons - Organic Groups
      • Group specific roles
    • Other modules
      • Field permissions
      • Taxonomy access control
      • Workbench
      • Many more!
    • WYSIWYG
    • WYSIWYG settings
    • Danger here
    • Careful
    • Dangerous tags
      • SCRIPT, IMG, IFRAME, EMBED, OBJECT, INPUT, LINK, STYLE, META, FRAMESET, DIV, SPAN, BASE, TABLE, TR, TD.
      • Visit https://drupal.org/node/224921
      • “Configuring text formats (aka input formats) for security”
    • Mollom!
    • Views
    • Custom admin view
    • Admin settings
    • Role permissions? No.
    • Better than role perms
    • Choose permission
    • Recap
    • https://www.acquia.com/resources/webinars/training-what-consider-writing-your-rfp
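
An added example, not part of the presentation, for the "Dangerous tags" and "Configure untrusted" slides: a Python check that reports which text formats usable by untrusted roles still allow tags from the slide's list. The format records are a constructed sample (not a Drupal export format) and the function names are hypothetical; a format with no tag restriction is reported as "*".

```python
import re

# Tag list copied from the "Dangerous tags" slide.
DANGEROUS_TAGS = {
    "script", "img", "iframe", "embed", "object", "input", "link", "style",
    "meta", "frameset", "div", "span", "base", "table", "tr", "td",
}


def parse_allowed_html(allowed_html):
    """Turn an allowed-tags string such as '<a> <em> <IMG>' into a lowercase set."""
    return {m.lower() for m in re.findall(r"<\s*([A-Za-z][A-Za-z0-9]*)", allowed_html)}


def audit_text_formats(formats, untrusted_roles):
    """Map each format an untrusted role can use to its risky tags.

    A format whose allowed_html is None has no tag restriction: reported as ['*'].
    """
    untrusted = set(untrusted_roles)
    findings = {}
    for fmt in formats:
        if not untrusted & set(fmt["roles"]):
            continue  # only trusted roles can use this format
        if fmt["allowed_html"] is None:
            findings[fmt["name"]] = ["*"]
            continue
        risky = sorted(parse_allowed_html(fmt["allowed_html"]) & DANGEROUS_TAGS)
        if risky:
            findings[fmt["name"]] = risky
    return findings


# Constructed sample: text formats, the roles allowed to use each, and the
# allowed-tags string of the HTML filter (None = no tag restriction).
SAMPLE_FORMATS = [
    {"name": "Filtered HTML", "roles": ["anonymous user", "authenticated user"],
     "allowed_html": "<a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>"},
    {"name": "Comment HTML", "roles": ["authenticated user"],
     "allowed_html": "<a> <em> <strong> <IMG> <div> <span>"},
    {"name": "Full HTML", "roles": ["authenticated user", "editor"], "allowed_html": None},
    {"name": "Editor HTML", "roles": ["editor"], "allowed_html": "<a> <p> <img> <table> <tr> <td>"},
]

if __name__ == "__main__":
    untrusted = ["anonymous user", "authenticated user"]
    for name, tags in audit_text_formats(SAMPLE_FORMATS, untrusted).items():
        print(f"{name}: {', '.join(tags)}")
```

Formats that only trusted roles can use (here "Editor HTML") are skipped, which mirrors the trusted/untrusted split configured in the Security Review module.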