Preventing Drupal Headaches: Permissions and Roles Checklist
Published in: Technology


Transcript

  • 1. PERMISSIONS CHECKLIST Friday, January 31, 14 1
  • 2. training.acquia.com/events
  • 3. Who is this for? • Starting a new Drupal site! • New to Drupal? • Inherited a new Drupal site and want to know more about configuration
  • 4. In this demo • Permissions and roles basics • Tools for improving security checking • Common danger zones: WYSIWYG and Views • Hidden per-module permissions you might miss.
  • 5. Not in this demo • General security best practices around external libraries, theming, custom code, etc. drupal.org/security/secure-configuration • Writing secure code drupal.org/writing-secure-code • How to report security issues drupal.org/security-team/report-issue
  • 6. The basics
  • 7. Add roles
  • 8. Organize roles
  • 9. Inherited settings
  • 10. Permissions to watch • Comment management • Block editing permissions • Menu editing permissions • Select modules which give you more granular permissions.
  • 11. Core configuration • Create an “Admin” account for yourself. Use user/1 when needed. • Comment settings • Content type settings • Contact form settings • Account settings (not under permissions!)
  • 12. Account settings 1
  • 13. Account check • Who can create accounts? • Contact form • Signatures • User picture upload? • To delete: Disable accounts and keep content.
  • 14. Account settings 2
  • 15. Two helpful modules!
  • 16. Security review module https://drupal.org/project/security_review
  • 17. Configure untrusted
  • 18. Review results
  • 19. Review results
  • 20. Test as you develop • Create test user accounts for each role. • Use other browsers • Use “incognito mode” in Chrome or other • Use Masquerade
  • 21.
  • 22. Development tool • Not in a live production site. Disable, remove.
  • 23. Masquerade demo • Add test user accounts for each role • Configure the administrators • What users to switch between • Place the block
  • 24. acquia.com/insight
  • 25. Surprise! Modules with specific permissions
  • 26. What to check? • Any modules which have specific permissions per role. • Check custom modules. • Use Masquerade to check per role abilities. • Check site as anonymous.
  • 27. Flag • Basic permissions
  • 28. Flag permissions • Permissions per flag
  • 29. Webform • Configure per webform
  • 30. IMCE
  • 31. Commons - Organic Groups • Content permissions across the site
  • 32. Commons - Organic Groups • Group-specific permissions
  • 33. Commons - Organic Groups • Group specific roles
  • 34. Other modules • Field permissions • Taxonomy access control • Workbench • Many more!
  • 35. WYSIWYG
  • 36. WYSIWYG settings
  • 37. Danger here
  • 38. Careful
  • 39. Dangerous tags • SCRIPT, IMG, IFRAME, EMBED, OBJECT, INPUT, LINK, STYLE, META, FRAMESET, DIV, SPAN, BASE, TABLE, TR, TD. • Visit https://drupal.org/node/224921 • “Configuring text formats (aka input formats) for security”
  • 40. Mollom!
  • 41. Views
  • 42. Custom admin view
  • 43. Admin settings
  • 44. Role permissions? No.
  • 45. Better than role perms
  • 46. Choose permission
  • 47. Recap
  • 48. https://www.acquia.com/resources/webinars/training-what-consider-writing-your-rfp
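
The "Dangerous tags" and "Configure untrusted" slides describe a check that can be scripted. This is an added example, not code from the slides or from the Security Review module: it flags text formats that untrusted roles can use and that either have no HTML filter or allow a tag from the slide's list. The dictionary layout, format names, role names and function names are hypothetical stand-ins for a site's text format settings.

```python
import re

# Tags the "Dangerous tags" slide lists, lower-cased for comparison.
DANGEROUS_TAGS = {
    "script", "img", "iframe", "embed", "object", "input", "link", "style",
    "meta", "frameset", "div", "span", "base", "table", "tr", "td",
}

def allowed_tags(allowed_html):
    """Parse an allowed-tags string such as '<a> <em> <img>' into a set."""
    return {t.lower() for t in re.findall(r"<\s*([A-Za-z][A-Za-z0-9]*)", allowed_html)}

def audit_formats(formats, untrusted_roles):
    """Flag text formats that untrusted roles can use and that are risky."""
    findings = {}
    for name, fmt in formats.items():
        exposed = sorted(set(fmt["roles"]) & set(untrusted_roles))
        if not exposed:
            continue  # only trusted roles can use this format
        if not fmt["html_filter_enabled"]:
            # No tag filtering at all: every tag, listed or not, passes through.
            findings[name] = {"roles": exposed, "issue": "no HTML filter", "tags": []}
            continue
        risky = sorted(allowed_tags(fmt["allowed_html"]) & DANGEROUS_TAGS)
        if risky:
            findings[name] = {"roles": exposed, "issue": "dangerous tags allowed", "tags": risky}
    return findings

# Constructed sample configuration (hypothetical layout, not exported from a real site).
SAMPLE_FORMATS = {
    "filtered_html": {"roles": ["anonymous user", "authenticated user"],
                      "html_filter_enabled": True,
                      "allowed_html": "<a> <em> <strong> <cite> <code> <ul> <ol> <li> <img> <span>"},
    "comment_html": {"roles": ["authenticated user"],
                     "html_filter_enabled": False, "allowed_html": ""},
    "full_html": {"roles": ["administrator"],
                  "html_filter_enabled": False, "allowed_html": ""},
    "plain_text": {"roles": ["anonymous user"],
                   "html_filter_enabled": True, "allowed_html": ""},
}
UNTRUSTED_ROLES = ["anonymous user", "authenticated user"]

if __name__ == "__main__":
    for name, f in audit_formats(SAMPLE_FORMATS, UNTRUSTED_ROLES).items():
        print(f"{name}: {f['issue']} {f['tags']} (roles: {', '.join(f['roles'])})")
```
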
