I haven't used Organic Groups for 7, but most of what you are trying to do is pretty straightforward. First I should say... if you need your site up ASAP and you don't have developer support, you might consider D6. In a month or two, things will be a lot better with D7, so if you can be patient obviously there are big advantages to D7.

Regarding per user access (only some members have access to...), you want:

Content access: http://drupal.org/project/content_access (a lot of work is being done on the D7 version at: http://drupal.org/node/690610)
ACL: http://drupal.org/project/acl (there is already a D7 beta version)

#4 built in to OG as long as you make the group "Private"

#5 only viewable by group. As long as you set the message to private this will work.

#6, built in basic to OG

#8, I'm not sure what you mean by "roles assigned to members of a group", like what for example. "Administering group members" is something that comes built in with Organic Groups and you don't use the Core-based permissions system. With the OG admin interface, any current group admin can assign another member of that group to also be an admin.

#9 The "audience" feature cover you there. On a per node (content) basis you can set the audience for that piece of content.

I think that gets you goin'.

Owner, Content2zero Web Development

On Fri, Feb 4, 2011 at 1:48 AM, Hasti Ziaimatin <h.ziaimatin@uq.edu.au> wrote:

Hi All,

I’m new to Drupal and have recently installed Drupal 7 release version and the Organic Groups (OG) module. However, I can’t seem to be able to configure permissions and roles to facilitate our access control specifications. I appreciate your help in providing me with a guideline to enable me to satisfy the following access control specifications:

Access control should be implemented for a knowledgebase system that facilitates collaborative knowledge management and research in a particular medical domain.

1.       Groups need to be created; these groups represent entities with knowledge and expertise in the particular medical domain
2.       Every group has an “owner” that can add members to the group

3.       The group owner loads/adds patient cases into the knowledgebase as content for the corresponding group
4.       Only members of the group can view these contents

5.       Contents loaded/added to a group cannot be viewed by members of other groups
6.       Members can only add content to the group/s of which they are a member

7.       Specific content in a group may need to be visible only to some members of the group
8.       Roles assigned to members of a group should be restricted to only that group unless the group owner specifically assigns that role to the user in another group.

9.       We would also like to look into enabling members of a group to have access to a subset of contents from another group.

Your help is much appreciated. I also looked at using OG User Roles (OGUR) ; however, this module isn’t available for Drupal 7.

Kind Regards,
Sara

--
[ Drupal support list | http://lists.drupal.org/ ]