Organic Groups

Provides a flexible API for creating and managing groups with members, roles, permissions, and group content associations.

og
9,487 sites
71
drupal.org
gui api field content
group membership access control community permissions roles collaboration social content organization

Overview

The Organic Groups module (OG) provides users the ability to create, manage, and delete their own 'groups' on a site. Each group can have members and maintains a group home page where individual group members may post content. Posts can be sent to multiple groups (cross-posted), and individual group content may be shared with members or non-members as needed.

Group membership can be open, closed, or moderated. The module leverages Drupal's field API to associate content types with groups, meaning any entity type can become a group or group content by attaching the appropriate OG fields. Users can select which groups their content is associated with from a list of groups they have authorization to view.

OG provides a complete role and permission system at the group level, allowing different permissions to be assigned to different roles within each group context. This enables group admins to have granular control over their own groups while site admins maintain oversight of all groups.

Features

  • Define any entity type/bundle as a group through the admin UI or programmatically
  • Associate content with groups using entity reference fields with OG selection handlers
  • Fieldable OgMembership entity that connects users to groups with state (active/pending/blocked), roles, and metadata
  • Group-level role and permission system independent of Drupal core roles
  • Three membership states: active (full member), pending (awaiting approval), and blocked (denied access)
  • Multiple membership types support for different membership tiers (e.g., default, premium)
  • Automatic group creator membership with configurable group manager full access
  • Subscribe/unsubscribe functionality with optional approval workflow for private groups
  • Orphaned group content handling when groups are deleted (simple, batch, or cron methods)
  • Strict node access permissions that respect group membership for CRUD operations
  • Group context resolution from routes, query arguments, and user access
  • Views integration with group-to-content and content-to-group relationships
  • Bulk actions for membership management (approve, block, unblock, delete, add/remove roles)
  • Event-based architecture for extending permissions, roles, and admin routes
  • Cache contexts for group context, membership state, permissions, and roles

Use Cases

Community Groups

Create a community site where users can create and manage their own groups. Each group has its own members, content, and administrators. Group creators automatically become administrators with full control over their group's membership and permissions.

Project Management

Set up project-based groups where team members collaborate on tasks and documents. Different membership types (developer, manager, viewer) provide varying access levels. Use pending membership state for new team members requiring manager approval.

Educational Courses

Create course groups where instructors manage students. Course content is only visible to enrolled students. Instructors have full administrative access while students can view and submit assignments within their course groups.

Private Workspaces

Implement private workspaces where subscription requires approval. Enable 'deny_subscribe_without_approval' setting and grant only 'subscribe' permission to non-members. Administrators approve membership requests to maintain group privacy.

Multi-tenant Platform

Build a multi-tenant platform where each tenant is a group with isolated content and users. Use strict node access to ensure content editors only modify content within their tenant groups.

Membership Tiers

Implement tiered memberships using multiple membership types. Create 'default' and 'premium' membership types with different fields and expiration logic. Premium members receive additional roles and permissions within groups.

Tips

  • Use the Og::createField() method to programmatically add OG fields to entity bundles during module installation.
  • Subscribe to the og.permission event to add custom group-level permissions for your module's features.
  • Use cache contexts (og_group_context, og_membership_state, og_permissions, og_role) when rendering group-dependent content.
  • The OgMembership entity is fieldable - add custom fields to membership types for storing member-specific data like join reason or expiration date.
  • Use Views relationships (og_group_to_group_content) rather than directly querying audience fields for listing group content.
  • For private groups, combine 'deny_subscribe_without_approval' setting with careful permission configuration to ensure membership requests require approval.
  • Group managers receive full permissions when 'group_manager_full_access' is enabled - consider disabling this for sites where ownership transfer is common.
  • Use the batch or cron orphan deletion method for sites with large amounts of group content to prevent timeout issues.
  • The og_autocomplete element provides group-context-aware entity references - use it when building custom forms that reference group content.

Technical Details

Admin Pages 11
Organic groups /admin/config/group

Main administration page for Organic Groups module providing access to settings, roles, and permissions configuration.

OG settings /admin/config/group/settings

Configure global settings for Organic Groups behavior including membership handling, access control, and orphan content management.

OG roles overview /admin/config/group/roles

Overview page listing all group types with links to manage roles for each group bundle.

OG roles for [bundle] /admin/config/group/roles/{entity_type_id}/{bundle_id}

Manage OG roles for a specific group type. Roles can be reordered by dragging and have operations for edit, delete, and permissions.

Add role /admin/config/group/roles/{entity_type_id}/{bundle_id}/add

Create a new OG role for the specified group type.

OG permissions overview /admin/config/group/permissions

Overview page listing all group types with links to manage permissions for each group bundle.

[Bundle] permissions /admin/config/group/permissions/{entity_type_id}/{bundle_id}

Configure permissions for each role within a group type. Permissions are organized by provider (Group, Group content) and displayed in a matrix format.

Membership types /admin/structure/membership-types

Manage OG membership type bundles. Membership types allow different membership configurations (e.g., default, premium) with custom fields.

Add membership type /admin/structure/membership-types/add

Create a new membership type bundle for OG memberships.

Members /group/{entity_type_id}/{group}/admin/members

View and manage group members through a Views-based interface with bulk operations for membership management.

Add member /group/{entity_type_id}/{group}/admin/members/add/{og_membership_type}

Add a new member to the group by selecting a user and assigning roles.

Permissions 1
Administer Organic groups

Administer all groups and permissions. This is a site-wide permission that grants full access to all OG administration.

Hooks 1
hook_og_user_access_alter

Allows modules to alter group-level permissions for a user. Can be used to dynamically grant or revoke permissions based on custom logic.

Troubleshooting 6
Users cannot see the subscribe link on groups

Ensure OG UI module is enabled, the 'Subscribe user to group' permission is granted to appropriate roles at admin/config/group/permissions, and the 'Group subscription' formatter is selected for the Group type field in the content type's Manage Display settings.

Group content is not associated with groups

Verify the content type is configured as 'Group content' in its Organic groups tab. Check that the og_group_ref field exists and the user has permission to post in the target groups.

Users with global edit permissions cannot edit group content

This is expected behavior when 'Strict node access permissions' is enabled. Either disable this setting at admin/config/group/settings, add the user to the group, or grant them the 'administer organic groups' permission.

Orphaned content remains after deleting a group

Enable 'Delete orphans' in OG settings at admin/config/group/settings. Choose the appropriate deletion method (simple for immediate, cron for background processing). For cron method, ensure cron is running regularly.

Group roles and permissions are not being applied

Clear the cache after making changes. Verify the user has an active membership (not pending or blocked) in the group. Check that the correct permissions are assigned to the user's role at admin/config/group/permissions.

Group context is not being detected

Verify group resolver plugins are correctly ordered in OG settings. The default order is: route_group, route_group_content, request_query_argument, user_access. Clear cache after configuration changes.

Security Notes 6
  • The 'administer organic groups' permission grants full access to all groups - restrict this to trusted administrators only.
  • Group-level permissions with 'restrict access' flag (like 'administer group') should only be granted to trusted roles.
  • When 'Strict node access permissions' is disabled, users with global edit permissions can modify group content regardless of membership.
  • The 'subscribe without approval' permission allows users to join groups immediately - only grant this for public groups.
  • Group owners always retain certain permissions - ensure ownership transfer is handled appropriately when changing group ownership.
  • Custom hook_og_user_access_alter() implementations must properly add cache dependencies to avoid stale access results.