There are a couple of ways (as you've found) to tackle this problem.

My first approach would be to use TAC Lite. It's not too difficult to set up and it's easy to use. Along with this I'd also use Taxonomy Hide to conceal the security tags.

Node Access also provides a pretty simple solution. FWIW I have more experience with TAC Lite.

Regarding views: Views can be easily restricted based upon a role, but I think what you are describing involves access to particular nodes that, aside from their "security" characteristic, similar to other nodes.

One other thought: If this content really needs to be protected from prying eyes that aren't registered, then you need to use Drupal's private file system option and place the site's file directory outside the site's "html" directory.

Hope this helps,
Curt

I am not worried about security, only usability. Thanks for the suggestions.

I really only needed the link to the menu item changed. I saw a module that did this but it required a hack to core which I didn't want to do. So what I did instead was create two views. View # 1 is for authenticated users and shows all the help videos for authenticated users and none of the videos for the guests (done by taxonomy term). View # 1 displays on the url of /help. View # 2 is for guests and only shows the videos for guests. View # 2 displays on the url of /help-guest. I then created a link in my secondary links to /help and the menu number of this menu item is 995. I then went into my page.tpl.php file and added this which changes the link based on if the user is a guest or authenticated.

Kind of hackish I admit, but it works like a charm ;)

Sam,

What I fear you've produced is "Security by Obscurity" and the complete line goes "Security by Obscurity is NO SECURITY AT ALL!" It may be sufficient for your needs in this particular instance but it isn't very secure. Please let me explain further.

I know that in your case /help and /help-guest are the URLs for two different views but for purposes of my first illustration let's assume that they're nodes, unprotected by any other mechanism. While the menu points appropriately to the right place there's nothing to stop an unauthenticated user from simply entering the url as "http://thesite.org/help", which bypasses the menu, and seeing the (un)protected content. An inquisitive visitor might even guess the url after seeing "help-guest", or an authenticated user might have bookmarked the url when using a common computer.

OK, that scenario doesn't fit because in your case the URLs point to views and one of the views is restricted. What you've done is restrict the query to authenticated users but all the nodes are still available via their respective URLs, just like the case above. In this case while the unauthenticated user lacks the convenience of the view, the underlying nodes are still exposed to disclosure via their respective URLs.

I really think you're better using a real security solution, like TAC Lite, because:

• It actually protects your sensitive content.
• It's not too difficult to implement.
• You don't need two views; one will do.
• You don't need to write any PHP code, i.e., NO HACKING.

I hope this helps,
Curt

Curt. When using TAC_LITe would I have to create two node types. One called "registered user videos" and then set this to "private" and another called "guest user videos" and then set this to "not authenticated user"?

Then when I create my view I'll include both the "registered user videos" and the "guest user videos" in my view and TAC_Lite will only show the appropriate ones?

Sam,

The idea behind TAC Lite is that you create a taxonomy category and use terms within that category to define access controls. The category is then applied to your node types. When you create a node you indicate if the content is restricted. It's really quite simple in practice; much simpler than trying to describe it.

Ok. Thanks. I'll give it a try tonight.

Curt. I got it all working but can you explain schemes to me?