Restricting content requires users to log in to view a page or file.

On UQ Standard websites, you can restrict access to content to one of the following user groups:

  • all staff
  • all staff and all students
  • staff with specific Drupal roles.

Restricted content doesn't appear in menus or automatic lists for users who cannot access it.

When to restrict content

All restricted content must comply with the university's ICT Security Policy, Procedures and Guidelines [6.30.01].

Restricted content is appropriate when:

  • the content needs to be available to the target audience (staff, students or both), but not brought to the attention of the public (e.g. internal projects or business processes)
  • you're building a panel page and need to restrict access prior to launching the page.

Restricted content is not appropriate when:

  • the content could compromise or damage UQ’s reputation or infringe on an individual’s privacy (e.g. staff or student records, student results or commercially-sensitive information)
  • the content isn't suitable for public release (e.g. content that contains confidential, sensitive, secure or private information).

How to restrict content

To enable the 'Restricted content' module on your site, submit an IT request.

Once enabled, site editors and above will be able to restrict:

  • node pages
  • panel pages
  • files.

Restricting node pages

Once the module is enabled, a new field will be added to the bottom of your node pages: 'Restrict access to this page to the following groups'.

When editing a page, use this field to select which group you want to restrict your content to and select 'Save' to restrict the page.

Restricting panel pages

If you create a new panel page and you haven't linked to it or added it to the menu, users won't be able to find it at first unless they are given the direct link.

If you're building a panel page over a long period of time or have a specific launch date that it can't go live before, you can restrict access to users with specific Drupal roles (e.g site builders) until you're ready to launch the page.

Once the page is ready to launch, you can also restrict access to staff, students or both, if required.

To restrict access to a panel page:

  1. Click 'Customize this page' in the black Drupal menu at the bottom of the page.
  2. Hover over the plus icon (+) in the blue box at the top of the page and a cog icon will appear.
  3. Click the cog icon and then click 'Edit Panel'.
  4. Select 'Access' from the tabs on the left.
  5. Click the 'Context exists' drop-down menu and select 'User:role' > 'Add'.
  6. Select which user roles you want to restrict access to and click 'Save'.
  7. Click 'Update and save' to restrict the page.

Restricting files

There are two folders in Drupal's file browser that can be used to restrict access to files: 'Staff only' and 'Staff and students'. Documents uploaded into these folders can only be accessed by logged in users who belong to these groups.

Showing users that content is restricted

You'll need to let users know that a page or file is restricted to a certain user group.

To indicate that users will need to log in to access content, add information to the end of the link text on all pages that link to that content:

  • for content restricted to staff, add (staff login required)
  • for content restricted to staff and students, add (UQ login required).

For example: Library 101 tutorial (UQ login required).