Mastering content workflow in govCMS

2 October 2015

govCMS ships with workflow capabilities out of the box. This article is for content managers and site owners who are evaluating govCMS for its workflow capabilities. You will see how the quality of published content can be improved as well as the improvements in security which can arise when you have an audited, moderated process.

Content Management Systems (CMS) typically allow content creators and editors to manage content by managing Create Read Update Delete (CRUD) operations through a UI. Editors interact with content by updating it is web based forms and saving their changes away. This approach works well as far as managing data is concerned, however, there are times where it falls short:

  • a mistake is made and content needs to be rolled back,
  • the differences between different versions needs to be visualised,
  • an audit is required of who did what when,
  • an moderator needs to review content before it goes live.

These extra requirements can be handled by content revisioning, workflow and moderation. We will walk through some typical scenarios and setup to show how workflow work in govCMS. 

User roles

Before we look at more advanced topics it’s worth looking at the basic principles underlying workflow in Drupal. 

User roles form the basis of the permissions system in Drupal. Each user will have one or more roles assigned to them. Each new role opens up access to new functionality inside the website, depending on how the permissions have been set up.

By default Drupal has three roles defined.  

  • Anonymous: for public users that access the website without a login.
  • Authenticated: for logged in users.
  • Administrator: for logged in users with full permission on the website.

In govCMS, four additional user roles have been set up for managing contents and site configurations. These roles can be altered, if required, however, as they stand they form a sensible starting point which should serve most Government agencies well for their workflow requirements.

  • Content editor: for content writers who can create and edit articles and other content on website.
  • Content approver: for moderators who can approve contents and publish articles to the public. They can also create and make changes to articles.
  • Site editor: for users who can can manage user accounts and manage other site aspects such as menus, blocks, panel, taxonomies, views and other backend systems.
  • Site builder: for users who need access to create and manage structural elements on the website, such as content types and other configuration.


govCMS will store each update of a page in a revision. Users with the right permission can browse the revision history and revert a particular version of a page. 

GovCMS revision

Content States

Content moderation in govCMS defines the states a content need to go through before it becomes published. By default, the govCMS provides three states.

All articles will first be created in draft, this draft is not published and it is only accessible by authenticated users.

Needs Review
When draft is finished, editors will update the article status to Needs Review. Content approvers can review the article and set it back to Draft for further changes or publish the article by setting the state to Published.

Only published articles is viewable by public. If content need to be updated after publish. A new draft will be created. The published version will still be accessible by public. All changes on the article will only be accessible in the backend by authenticated users. The changes will go through the three moderation states again before publish.

The following flowchart illustrates how content can move between the states. It is important to note that content moderators can push content back to content editors if it needs more work. If the content is good it can pass through to being published.

GovCMS moderation states

Advanced options: Customizing content moderation

It is possible to add new “states” into the Workbench Moderation module. Doing so will open the way for more complex workflows to be supported if the default ones are not adequate. This configuration would generally be done by a site builder after an analysis of the particular requirements.

The following screenshots illustrate how different states and transitions can be added and configured.

States define the different stages content moves between.

GovCMS moderation configuration

Transitions define the allowed flows between the states.

GovCMS moderation configuration

Under the user permission settings, you can define which user roles have permission to move content from one state to another.

GovCMS states transition user permissions

Bringing it all together

Workbench is the single place for content contributors to manage contents on the website. Here you have an overview of all the recent articles you have been working on, all your drafts and articles need review can be found under the My drafts and Needs review tabs.

Under the “Create content” tab you will find all the content types that a user have permission to create, like blog article, event, standard page, etc.

GovCMS content management workbench
You can see that quite a sophisticated system can be built by combining these various elements. It is recommended that the default workflow is used initially and then refined if required. It is general best to keep flows as simple as possible.

Suggested improvements to workflow

The workflow tools provided in govCMS are very helpful and will serve editors well, allowing them to manage content in a more reliable way. However, there are a few areas where Government agencies need to be aware of certain aspects.

Content approval process

Currently in govCMS, any “content approver” can create an article and publish it without a second person to review it. This is because content approvers have permissions to both create and approve content. If a content approver were to go rogue, it would be possible for them to create inappropriate content and approve it for publishing at the same time. In this scenario there is no second person involved who could sanity check the actions of the rogue.

If this scenario is a concern, it is recommended content approver should not have access to create contents. Therefore only content editors can create contents. Once a content is created, it has to be approved by content approver. 

File uploads

The default setup in govCMS does not allow any users (apart from administrators)  to upload media files, such as images, audio, video and documents. It is essential for content creators to be able to upload files such as images (for thumbnails) and other content (for downloads). However, it also opens a security hole as the files could potentially contain sensitive or inappropriate information.

Currently, the only practical solution to this problem is for permissions to be opened up to content editors, allowing them to upload files. This does open up the possibility of potentially harmful files being released to the public, yet it does at least allow editors to get on with the job of publishing content. As it stands this a known risk Government agencies must make. This situation is tempered by the fact that the file upload will be audited and traceable back to the user who uploaded the file.

One possible workaround would be introduce a media manager role and to assign that to user who needed it. They would effectively act as gatekeepers of files which were uploaded to the site. The content approver role could possibly be used for this as well.


Drupal is supported by a good suite of contributed modules which makes it possible to revision content and define workflows. govCMS builds on this and ships a sensible set of user roles which are used as the foundation for content workflow. The end result is a system which works out of the box. It can also be extended to handle custom workflows if required.


It is important to recognise a couple of aspects about this setup. We identified that content approvers can both create and approve content, removing the chance for a second person to sanity check the content. The handling of files is also an area where a pragmatic setup could open the door for materials to be published without the oversight of a second person. Government agencies should be aware of these concerns given that they are responsible for the content which is published on their sites.

About Morpht

Morpht is a Sydney based Drupal web development company. We are Acquia partners on govCMS and as such are able to implement govCMS sites onto the govCMS hosting platform supported by Acquia. We have six Acquia certified developers on staff and are experienced in all aspects of Drupal site development. We are happy to answer any questions you may have about this article or govCMS. Please get in touch.


More like this