Managing Drupal 8 Permissions: User Personas

Managing Permissions in Drupal 8: User Personas

How have you been handling Drupal 8 permissions, so far? How have you been coping with all those checkbox checking “marathons", with the endless scrolling and with all those never-ending duplicates? Not to mention the security risks that you've taken, each and every time, and the bugs tracking down “nightmares”. Well, the future looks bright for us, Drupal developers, since Drupal 8 is “tempting” us with its “User Personas”! A module promising to bring more order into the whole process of managing permissions in Drupal. Let's find out what this promising module is all about:

WHY DID WE NEED A NEW DRUPAL 8 PERMISSIONS MODULE SO BADLY?

Because handling permissions and roles in Drupal has been / is (since not all of you already had the chance to give this module, which is still in its “alpha” version, a “test drive”.) such a tedious process and such a “risky” one, too.

Maybe this scenario is way too familiar to you: let's assume you're not a Drupal programmer or a Drupal developer, you're an “Administrator”. One who's dealing with THE settings page (you sure know which one I'm referring to) on a regular basis, one who's regularly granting permissions within a team. 

Now that I've given you this role, let's visualize you “in action”: you pretty much give a half of your team the roles of “administrators” and the other half will be “playing” the roles of “Content Editors”, right? There will be also very few “variations” from this schema: a “lonely” “Content Administrator”, now and then, maybe.

Now, are you already visualizing all those checkboxes that need to be checked over and over again, all the same permissions that need to be duplicated? Are you already anticipating the security risks you're taking? The situations when a bug is signalled and you can't possibly track it down by the Drupal 8 permissions granted to certain roles, since... all the so-called “content editors” share the same set of permissions and all the “admins” their own set of permissions?

Can you see the 2 major problems with this scenario?

THE LONG AWAITED "FIX" TO THESE PROBLEMS IS HERE: USER PERSONAS

Wait no more: Drupal 8's ready to “come to your rescue”!

I present you: User Personas, a module for helping you handling roles and Drupal 8 permissions “the right way”.

Before we go into detail, I feel like I should stress a mistake in the way we used to perceive “Drupal roles”: as job titles. 

Well, they shouldn't be job titles! And User Personas encourages us to start perceiving roles as capabilities, responsibilities as people, after all! Therefore, a role shouldn't be named “content editor” or “content publisher”. These job titles/roles already carry many distinct capabilities and responsibilities under their umbrellas. 

A good practice, that the Drupal community behind User Personas promotes, is that of making a habit of creating single-purpose roles. Small roles which we could, then, put together under the “umbrella” of a single “persona”.

BUT WHAT ARE "PERSONAS" IN DRUPAL 8?

Glad you've asked (for I'm sure you have) yourself that! It's a more than legitimate question.

Let me “enlighten” you as much as I can: “personas” describe not just single users, but groups of users and each persona can have a whole “palette” of roles! 

Personas do resemble “Drupal roles” a lot, but they aren't “roles”, they're “bundles of roles”

An example of a persona could be a “Reader” (on a blog). A “Reader” could have several roles: “Viewer” and “Commentator”, let's say.

Well, according to the given roles, the user persona, our “Reader”, is implicitly granted permission to view the content on the blog and to view, edit and post his own comments, as well.

And that's it! He cannot, for instance, decide which one of his comments can go live and which ones cannot! 

AND FINALLY: LET'S TALK ABOUT THE USER PERSONAS MODULE ITSELF

Here's how this Drupal 8 module works: once the user is saved, the module automatically saves the correspondent roles assigned to this user entity (persona), as well. 

Nothing is changed, in terms of code, it will keep handling permissions and roles as it used to in Drupal. “Personas” won't impact the whole “mechanism” behind: the module works fine both with core and contrib.

But it will help You to better organize your workflow, to manage “roles” and “permissions” more efficiently. It will enable you to define user personas, to assign multiple single-purpose roles to each one of them, each small role coming “equipped” with its own set of permissions.

Not everyone will be “content editor” with Drupal 8' User Personas, not everyone can “create” content on your Drupal website. Each member of your team will have a definite number of roles/responsibilities with a clear set of Drupal 8 permissions: handle, view, apply changes, post, create content etc.!

In a nutshell: User Personas allows you to create personas and to give each one its “array of roles”, roles which come with their own sets of permissions, and it even enables personas to share certain roles, when applicable: for instance, both a “Content moderator” and a “Viewer” can actualize “view the content created for a blog post” (but not both of them can actually edit it). 

And you'll need to handle permission duplicates far more rarely! Since roles will now become so much more “single-purpose”: you won't be having the same general “role” repeating itself over and over again, therefore you won't need to duplicate the same sets of permissions over and over again, either. 

How about you? Have you already tried User Personas? Can you share some of your opinions? What do you think: will it really streamline your workflow or do you find the whole idea of creating new and new small roles a bit too discouraging? I'm curious to hear your thoughts on this module!