Making a Node Secure/Limited to one user Role?

Actually we are not all librarians here. The groups is for Drupal in Libraries, not Drupal for Librarians. I'm not a librarian, but I am a programmer/analyst/technology strategist that has worked in a library IT department for the past 14 years.

To answer the question. I'm not sure if this will do what you want but take a look at the node_access modules (http://www.drupal.org/project/node_access)

A couple off-the-top-of-my-head ideas; there are probably a number of other options, too ...

1. Create a "board meeting" CCK content type that includes a separate FileField field for each kind of document (agenda, packet, minutes, etc.). Use the Content Permissions module and a "board" role to restrict access to the fields for board-eyes-only documents.

2. Create a separate content type for each kind of board document, and don't publish the nodes for any type that's board-only. Use Views to pull together all appropriate nodes associated with a meeting for display to anon/public vs. board/admin users. The view designed for the board wouldn't have the "published" filter enabled, and would be restricted by role.

To restrict access to the actual PDFs uploaded via FileField, see this (especially comment #3): http://drupal.org/node/644580

But you might want to review the state's FOIA to see whether it really makes any sense to lock anything down. I suspect that most (if not all) of the documents actually are public info that the library would need to release to anyone who makes a written request.

BTW, if at least one full-time staff member of your library does website maintenance as a part of her or his job duties, Illinois law requires board meeting agendas to get published on the website at least 48 hours before the meeting.

Well noted, fereira, I was blasting this off this morning to solve a problem and was not thinking about the specificity of that term. I should have thought more about the global audience I was addressing before posting this. Ironically, my husband is an IT person at a university, so I totally understand your response. I'm also used to posting to librarian listservs predominately (and with the depletion of library systems, those have been disappearing as of late. sad). I do owe you an apology. I value all IT people who work in public libraries, because they are truly the ones who make access to our resources seamless. Your library is very lucky to have your expertise and experience, and this list is also very lucky to have you and all Information Technologists. Thank you for responding to my post and have a wonderful day.

Btw: This ticket maybe filled due to an outpouring of messages I received off-list. One suggestion is to create a content type specific to one user role, and go from there. Well said. If you can think of any others, I'm all ears. Thanks again!

http://drupal.org/project/content_access is an awesome, well maintained, and popular module for setting node by node access when you must have different access control settings for individual nodes of the same content type. This module is for restricting access to the node, not to the uploaded PDF file. For that, see the "Brainstorming" comment above.

There's a comment above for the http://drupal.org/project/node_access module, but I don't have any experience with it, so can't offer a comment on that.

There's also the possibility of using different content types, as suggested in the above comment.

Good luck!

As an alternative to Content Access, there's the Node Privacy by Role module. I use it on my site. It's so easy to use and gives fine grained access control based on roles to your nodes. It is compatible with Webforms. However, take good note that it is not compatible with the Taxonomy Access Control module.