Restrict Users to Editing Only Their Own Profile Page
A common problem is how to restrict editing access to user pages or profiles so that each user can edit only their own page when that page was originally created by someone else, such as a webmaster or administrator. (E.g., how to allow faculty to edit only their own faculty profile page but not any other faculty profile pages without requiring each faculty member to create their profile page themself.) The solution is fairly straight forward.
- Go to Administer -> User management -> Access Control [aka http://.../admin/user/access] (Drupal 5.x) or Administer -> User management -> Permissions [aka http://.../admin/user/permissions] (Drupal 6.x)
- In the "node module" section, give the relevant user role (e.g., "Faculty") permission to "edit own" --but not plain "edit" (Drupal 5.x) or "edit any" (Drupal 6.x)-- for the relevant content type (e.g., "edit own facultyprofile content")
- For each existing user page/profile:
- Go to that page and select "Edit"
- Change the "Authoring information" section "Authored by" field to the user's username. (E.g., if using WebAuth,
facultymemberSUNetID@stanford.edu) Note: the faculty member will need to have logged in to the site at least once prior to changing the "Authored by" field, so that their username exists in the site's database.