3. Introducing Crossvale
Proud Platinum Sponsor of OpenCamp
Crossvale’s technical sweet spots:
S ft
Software integration
i t ti
Automated workflows
Enterprise portals and Web applications
Headquartered in the DFW metroplex
We want to work with YOU
O
If you need a teaming or prime partner
If you want to sell through a GSA Schedule 70
As we need responsible and capable specialists
3
4. Case Study: Employee Portal
“Crossvale delivered our employee enterprise portal in just two months, on time
and on budget. We now have a modern, effective intranet portal to support our
5000 employees and 14 departments, providing a central location for all forms,
policies, guides, news, and more!”
Dan W., Director Employee Communications
Portal went live with the corporate rebranding at
the start of the year
The #1 reason we won it: Time to market
Completed in less time than a technical evaluation
Cost savings vs. commercial software, and especially
the additional man-hours, were beyond compelling
4
5. Employee Portal Highlights
The home page for 5000 employees
Supported on IE6 (now IE8) and FireFox
Provides ll
P id all employee communications, policies
l i ti li i
and guidelines
14 departments with non-technical authors
E.g. HR, IT, Finance, Legal, Security…
2000+ nodes of content
1800+ binary documents and videos
5
6. Some Employee Portal Features…
LDAP (Active Directory) authentication
Dynamically evaluated roles for content access
I t
Integrated with the HR W h
t d ith th Warehouse
Public/private file system
Sarbanes-Oxley (SOX) Compliant
Banners, links and resources related to current
content and role
Live stock market updates
Integrating Yahoo! Finance
6
7. …Some Employee Portal Features
Many,
Many many content types
Company-wide live webcasts
Video library archive
Vid lib hi
Bulk pre-configured quotes of the day
Integrated search support for users, nodes, and
attachments/binaries
Printer-friendly and PDF generation from pages
Drupal version: current (6.19 as of printing)
p ( p g)
Module Count: 70+
7
8. Goal: Departmental Authors
Departmental authors can only author content that
belongs to their department
Within their department departmental authors can
department,
access each other’s content, even if it is
unpublished
Devise a repeatable, scalable approach to
managing this capability
Devise a manageable way for authors to review
the content for which they are responsible
8
10. 1. Departmental Content
At its simplest, Drupal can segment nodes by
simplest
content type
But it is too limiting to design departments with their
own types
Departments each have use for most of the same
content types:
E.g. banners, news, pages, books, forms, policies,
guides, videos, links, etc.
10
11. Approach: Departmental Content
Keep universal content types across departments
Discriminate by a custom field specifying the
department to which the node belongs
When a node is created, the author specifies the
department field
Policies, filtering, grouping, etc. can then be
applied i a d
li d in departmental f hi
t t l fashion
11
12. Module: Taxonomy
Part of the Drupal Core Taxonomy provides for
Core,
the categorization (i.e. tagging) of content
Enables cool capabilities with Views Token and other
Views,
powerful modules
Create a Department vocabulary specifying:
vocabulary,
To which content types it applies (e.g. Pages)
That it is required
Add vocabulary terms: Finance, HR, IT, etc.
12
13. Module: Content Construction Kit (CCK)
CCK is used to extend content types with tailored
fields
Essential for tailored rich content types
tailored,
Control for clean forms and display settings
http://drupal.org/project/cck
htt //d l / j t/ k
Enable these essential module components:
Content, Number, Option Widgets, Text
Not related to taxonomy, unless you add…
13
14. Module: Content Taxonomy…
Content Taxonomy enables the addition of fields
that map to taxonomy vocabularies
Such fields can support automatic tagging
You can choose content and/or taxonomy
http://drupal.org/project/content_taxonomy
htt //d l / j t/ t t t
Enable these module components:
Content Taxonomy, Content Taxonomy Options
14
15. …Module: Content Taxonomy
Create a “Department” taxonomy field for your
Department
content types, specifying:
It is Required and has only 1 value
Save values additionally to the core taxonomy system
It contains terms from the Department vocabulary
Move the field to just after the Title field
Easier for authors to initially and obviously designate
content if these two fields are first
15
17. …Result: Departmental Content
Configure CCK “Display
Fields” to [un]display this
new field as desired
fi ld d i d
17
18. 2. Departmental Authoring
After setting up departmental content enable
content,
security policies for departmental authors
For a simplified and repeatable approach:
Create a generic (think “base”) author role granting
only content creation permissions
Create specific department author roles granting
editing p
g permissions based on taxonomy y
Assign users to the base AND their specific role
But how to associate permissions based on
taxonomy?
18
19. Module: Taxonomy Access Control (TAC)
Taxonomy Access Control enables access policies
to content based on taxonomy attributes
http://drupal.org/project/taxonomy_access
http://drupal org/project/taxonomy access
Enable the one module component:
T
Taxonomy Access Control
A C t l
Next, configure security roles:
/admin/user/taxonomy_access
19
20. Configure a Role with TAC…
1. Select the new
taxonomy term
3. Add this new
3 Add this new
setting to this role 2. Specify the
permissions
20
22. Result: TAC
With TAC enabled, only
the granted taxonomies
are made available.
22
23. Testing Best Practice: Masquerade
Create dummy accounts of various roles then
roles,
test via masquerade
Masquerade enables an entitled user to assume
the identity of another
http://drupal.org/project/masquerade
http://drupal org/project/masquerade
Enable the one module component:
Masquerade
Next, add the Masquerade block
23
24. Using Masquerade
Use the masquerade
Use the masquerade
block to switch user IDs
Switch back when
finished. Use the URL if
your user can’t see the
switch back options.
/masquerade/unswitch
24
25. Bonus: Pre-populating Department
Pre populating
Q.
Q How can we pre populate the Department field
pre-populate
from the role membership of the author?
A.
A Specify the default value with PHP:
// map from author role name foreach ($user->roles as $key => $my_role) {
// to dept term id
p switch ($my role) {
($ y_ )
$map_role_to_dept["HR Author"] = 4; case "HR Author":
$map_role_to_dept["IT Author"] = 7; case "IT Author":
... $my_department =
$map_role_to_dept[$my_role];
// access current user info break;
global $user; }
}
// determine visitor’s dept return array( 0 => array(
$my_department = 0; 'value' => $my_department));
25
26. Bonus: Restricted Visitor Access
Restrict visitor access by:
Non-union employees vs. union, manager,
departmental employee, departmental manager, etc.
Use TAC for View access on visitor roles
Just like Add/Delete access on author roles
But don’t forget to first:
Add a Restricted vocabulary and add a matching
content field
Setup the author permissions with this vocabulary
26
27. Config: Restricted Default Access
“default” applies the
policy across all terms in
the vocabulary y
Default visibility for
anonymous and
anonymous and
authenticated users is now
DENIED
27
28. Config: Restricted Manager Access
Ensure managers can “see” the
Ensure authors can “see” the
restricted content…but only the
content they should!
28
29. Config: Restricted Author Access
The proper result
for an IT author
Authors must also be able to see
Authors must also be able to
the restricted content… and
see the restricted content…
update, delete, create, & list
d d l & li
and add, delete, create, & list
29
30. 3. Multiple Authors
Drupal supports many authors through role based
role-based
permissions
Key limitation: only the administrator can see
unpublished content
i e Authors can only see each other’s published
i.e. other s
content
It is essential for multiple authors to collaborate on
unpublished content too!
30
31. Module: Module Grants
Applies security policies from access modules
onto unpublished nodes, so authors’ access
policies can be used in a team effort
http://drupal.org/module_grants
Enable these module components:
Module Grants, Node Tools
31
32. Authoring Best Practice: Content List
With lots of content especially with access
content,
restrictions, it becomes difficult to ensure accurate
configurations
The content list is a custom view specifically for
authors,
authors listing all pertinent content
Exposed filters for easy review
Type department restriction published status search
Type, department, restriction, status,
terms
Enables review of content, access and
content access,
convenient edit links (including “?destination”)
32