ETools is a module for organizations to help them simplify the needs of permissions and roles and quickly grant various users levels of permissions to add/edit/delete content. The permissions can also be set to allow specific set/category of users to see the content.
Background of the Use Case
In most organizations intranet systems exists to disseminate information to departments and regions. But they barely have proper users and permissions wherein information specific to one department may be up on the intranet without bothering any other department.
A typical organizational structure would be something like this
The CXOs will be global but most managers[senior and mid-level] would belong to regions and departments.
Let us take one such Use case where the Finance Department may want to put across an announcement on Quarterly reports to all the CXOs and Managers of Asia-Pacific Region.
In this case it would mean, an Employee from Finance Department should be able to add a Announcement and allow all CXOs and Managers for Asia-Pacific Region as an audience to see the announcement and react to it without interfering with other departments.
The problem here is to allow the departments only the requisite amount of permissions to add/edit an announcement and assign to specific people/regions/departments to read.
A way to do this in Drupal is to do it using OG or Organic Groups. But it is cumbersome and requires too many modules to facilitate permissions for each piece of content. The OG doesn't consider individual user level permissions too. And one of the specific tasks that ETools can cover is the creation of GMRs or Granular Moderation Rules. GMRs are going to be discussed a little later in this Case Study.
As glimpsed earlier, ETools is a Drupal module that allows the system administrators to define users in various groups and allow them roles and permissions based on their groups or even individually.
The module does not need you to go to every user separately and assign them roles but it utilizes taxonomies and GMRs to assign permissions to post and read content. The way is quicker and can help achieve great granular level of permissions without messing with other peoples permissions.
Here is very quickly how Etools work :
- Create a user.
- Create taxonomies to reflect Departments, locations/regions as tags.
- Assign each user the requisite terms under Departments, Employee, location etc.
- Create GMRs to define granular rule to create content.
The content now created will be based on rules and can be read by only those who come under the rules and are tagged appropriately.
Continuing with our use case, let us see how we can implement it using ETools in the given scenario.
Let us first create a couple of users. One that can create a content and one that should be able to read it.
We now define a content type that will be used by this user, It can either be an Announcement or a Report in our case and then we assign it to ETools module under Enterprise Group Content Settings.
For a user to create an announcement in our scenario, the user must be an employee of Finance Department. He may or may not belong to the same region as the announcement is being created for, but from being Finance Department is a must.
We define the various departments and locations using the taxonomies such as these
Once the various taxonomies, to represnt structure and hierarchy of the organization, have been created, they start appearing as components to "Granular Moderation Rules" or GMRs.
A GMR is a granular rule applied on a user based on specific parameters [publisher, audience and filter audience]. By setting these parameters for the user, administrator is able to easily define the boundaries for a user. In our use case the user is restricted to being an Executive[Publisher] making Announcements[Content Type] under Asia Pacific region[Audience] for Finance Department[Filter Audience]. Just as one has been shown here.
A typical GMR after being apporpriately filled will look like this and work as a rule of permission for a certain group of users, for a particular content type.
Based on the GMR just created and associated with the "financeguy", the user is now restricted to create only an Announcement, so when he clicks on "Add Content" , he/she is taken to the "create announcement" form directly.<Snapshot 5 for adding announcement with highlight on content audience>
The user (financeguy) can select the audience he want to convey the announcement to and after filling the other details, save the form.
For another user (senmanager) who is a Senior Manager in the Finance Department in the Asia-Pacific Region, India, the User Terms defined for him in his profile would allow him to see the announcement.
Afte the correct terms have been asigned to this user, the user(senamanager) becomes elligible to read the annoucement.
<Snapshot 7 : for content page allowing access to the 'senmanager'>
Similarly, a user who is NOT part of the groups defined in the GMR (Finance Departments in Asia-Pacific Region), for eg. a CXO, if included in the announcement form, will be able to see the announcement pretty easily.<Snapshot 8 : Another screenshot to allow a user NOT part of the Finance Dept, Asia-Pacific, but yet having access to the Announcement, a CXO>
The above process details how a complicated use case of content being published for a group of users without complicating it with the Drupal roles and permissions can be achieved.
Some more use cases that can be resolved here
- Reports originating from a department can be shared with the same departments in all the regions.
- Sharing the development process with the team in a private group. This requires setting a team up in a private group using Enterprise groups. Such groups can be added too
- Grievances from employees to the HR department.
The GMRs are reusable for various scenarios and are quick to create. But more importantly they are agreat way to provide permissions on the most granular level and what's even greater is that it does not affect the overall website that might not conecrn with permissions!