Group
A powerful module that allows you to group users, content, and other entities together with fine-grained permissions and access control within each group.
group
Install
composer require 'drupal/group:^3.3'
Overview
The Group module provides a flexible system for creating collections of users, content, and other entities. Unlike Organic Groups (OG), Group takes a fundamentally different approach by creating a dedicated "Group" entity type that serves as a container for related content and members.
Each group can have its own set of roles and permissions, allowing for sophisticated access control that operates independently from Drupal's global permissions. Users can be members of multiple groups with different roles in each, and content can be associated with one or more groups depending on the configuration.
The module uses a plugin-based architecture called "Group Relations" that determines how different entity types can be added to groups. This extensible system allows developers to create custom integrations with any entity type. The module ships with a built-in Group Membership plugin for users and provides the Group Node submodule for node integration.
Key features include: multiple group types with unique configurations, flexible role scopes (Outsider, Insider, Individual), automatic membership for group creators, configurable cardinality for entity relationships, revision support for groups, and comprehensive Views integration.
Features
- Custom Group entity type with configurable group types (bundles) supporting fields, display modes, and revisions
- Flexible group role system with three scopes: Outsider (non-members synchronized with global roles), Insider (members synchronized with global roles), and Individual (manually assigned to specific members)
- Fine-grained permission system operating independently from Drupal's global permissions, with permissions assignable per group type and role
- Group Membership system that tracks users as group members with support for multiple roles per membership
- Plugin-based Group Relations architecture allowing any entity type to be added to groups with configurable cardinality and access control
- Entity access control for grouped content - groups can determine who can view, edit, and delete associated entities
- Built-in Views integration with custom access plugins, arguments, and relationship handlers for building group-aware displays
- Group operations block showing context-aware actions available to the current user for a specific group
- Creation wizard for adding new entities to groups, ensuring relationship fields are properly filled out
- Automatic group creator membership with configurable roles assigned to creators
- Cache contexts and tags for proper caching of group permission-dependent content
- Token support for groups and group relationships
- Pathauto integration for automatic URL aliases (optional)
Use Cases
Private Intranet Departments
Create group types for company departments where each department is a group. Department heads get admin roles while regular employees are members. Content added to departments is only visible to department members. Outsider roles synchronized with global admin can manage all departments.
Online Learning Classes
Educational platform where each course is a group. Instructors create groups and automatically receive admin privileges. Students join or are added as members. Course materials (nodes) are added to the group and only visible to enrolled students. Different content types can have different permission rules.
Community Interest Groups
Social platform with user-created interest groups. Users can create groups on any topic and become the group admin. Other users join groups they're interested in. Group admins control membership and can assign moderator roles. Content is shared within the group community.
Client Portals
Agency website where each client has a dedicated group. Client contacts are added as members with view-only access. Agency staff have roles synchronized with their global roles, giving them automatic access to all client groups. Client-specific documents and project updates are organized within each group.
Multi-tenant Application
SaaS application where each tenant/organization is a group. Tenant administrators manage their own users, content, and roles without affecting other tenants. Global administrators have outsider admin roles to manage all tenants when needed.
Tips
- Always configure synchronized group roles for your global administrator role to ensure site admins can manage groups without needing individual memberships.
- Use the 'Automatically configure useful default roles' option when creating group types to set up a sensible starting configuration with Anonymous, Outsider, and Member roles.
- The Group Operations block is the recommended way to provide users with join/leave links and other group actions - add it to your group page layout.
- For complex permission requirements, consider using multiple group roles with different scopes rather than trying to handle everything in one role.
- When adding fields to group relationships (memberships), enable the 'creation wizard' to ensure users complete all required fields.
- Use the 'access content overview' permission sparingly - it shows technical relationship data that's mainly useful for debugging or power users.
- Group permissions are entirely separate from Drupal's global permissions - a user with 'administer nodes' globally still needs group-specific permissions to manage nodes within a group.
- The group_members view at /group/[id]/members can be customized or replaced with your own views while maintaining the same path.
Technical Details
Admin Pages 12
/admin/group/settings
Configure global settings for the Group module that affect all groups across the site.
/admin/group
Overview page listing all groups on the site. Provides a tabbed interface to access groups list, group types, and module settings.
/admin/group/types
List of all configured group types. Each group type acts as a bundle for the Group entity with its own configuration, roles, and available content plugins.
/admin/group/types/manage/{group_type}
Configure a specific group type including its label, description, group settings, and creator settings.
/admin/group/types/manage/{group_type}/permissions
Configure permissions for all roles within this group type. Displays a matrix of permissions by role with checkboxes to grant/revoke permissions.
/admin/group/types/manage/{group_type}/roles
Manage group roles for this group type. Roles can be in three scopes: Outsider (for non-members), Insider (for members synchronized with global roles), or Individual (manually assigned).
/admin/group/types/manage/{group_type}/roles/add
Create a new role for a group type with configurable scope and optional global role synchronization.
/admin/group/types/manage/{group_type}/content
Manage which entity types can be added to groups of this type by installing or configuring Group Relation plugins.
/admin/group/content/install/{group_type}/{plugin_id}
Configure and install a Group Relation plugin on a group type, enabling that entity type to be added to groups.
/group/{group}/members
Views-powered page displaying all members of a group with their roles, join date, and operation links.
/group/{group}/join
Self-service form allowing users to join a group if they have the 'join group' permission.
/group/{group}/leave
Confirmation form allowing members to leave a group if they have the 'leave group' permission.
Permissions 3
Hooks 1
hook_group_operations_alter
Allows modules to alter the links displayed in the Group Operations block for a specific group.
Troubleshooting 6
By design, Drupal user 1 does not automatically have group access. Create Outsider and Insider group roles synchronized with your global administrator role and mark them as admin roles. This grants full access to users with the global admin role.
Edit the group type and enable 'The group creator automatically becomes a member'. Then configure 'Group creator roles' to assign one or more roles (including an admin role if desired) to creators.
Ensure the Group Relation plugin has 'entity_access' enabled (check plugin annotation/attribute). For gnode, this is enabled by default. Also verify that the user has the appropriate view/update/delete permissions for that entity type within the group.
Clear all caches. Group permissions use sophisticated caching with the user.group_permissions cache context. Running 'drush cr' should resolve most caching issues.
First, ensure the appropriate Group Relation plugin is installed on the group type (Admin > Groups > Group types > [type] > Content). Then verify the user has the 'create [plugin] relationship' permission within the group.
Create an Outsider scope group role synchronized with the 'Anonymous user' global role. Grant the 'view group' and any other necessary permissions to this role.
Security Notes 6
- The 'administer group' permission grants full control over all group configuration. Only grant this to fully trusted administrators.
- Admin group roles have all permissions within that group type, including the ability to manage other members. Assign carefully.
- By default, group creators don't have any special permissions unless configured. This is intentional for security - explicitly configure creator roles.
- Entity access control (when enabled) operates in addition to, not instead of, Drupal's standard entity access. Both must allow access for a user to access content.
- Outsider roles synchronized with the Anonymous user global role allow non-authenticated access to groups - configure permissions on these roles carefully.
- Group memberships and roles are stored as content entities and are subject to data privacy considerations under regulations like GDPR.