This functionality is available to Administrators only.

This can restrict access to a page but not to a block. So a block can still be seen on an otherwise restricted page


1. Add a user group into the roles for a site

Add a new role.

Then next you need to edit permissions.

There is a few things that we need to tick to give this role access.
  • Access to files
  • View published content

2. Per node access control

Structure -> Content types -> Basic Page

Tick Per content node access control settings.

Note: In order for this to take effect you will need to rebuild node access permissions.

Reports->Status report->Node Access Permissions

3. Add people or groups of people to the role

Configuration -> People -> simpleSAML php settings

Make sure that your role is turned on 

Then you need to assign that role out.

Which is done under this section and will look something like this.

Rules for role mapping

{Role}:{Mapping Type}:{Mapping Criteria}


#Active Directory – note the additional “ADD:” which is not part of the Active Directory Group Name – but required for the mapping to work.

intranet user:memberof:ADD:HABS Staff


# Org Unit (Will match only the Primary Org Unit the user is associated with)

intranet user:ou:National Research on Disability and Rehabilitation Medicine


# Role assignment based on whether Staff or Student

Intranet user:employeeType:Staff

Intranet user:employeeType:Student


# Role assignment by LDAP login.



but more offend than not the format you will use will be:

{New role name}:uid:{LDAP login} 

Note: The LDAP login can also be replaced by a student code for example:  TestRole:uid:s4263216


4. Change the access for each basic page

For each page you want to restrict access to, change the access control by ticking your new role on.

Turn Anonymous and Authenticated user off.