Modules for access control & publishing

Module Grants (
Enables access control for unpublished content and allows modules that operate on access grants to work together in the expected way.
Rules (
Lets you define conditionally executed actions based on occurring events. List of additional modules that provide actions for Rules:
Workflow (
Allows the creation and assignment of arbitrary "workflow states" to node types. Optionally allows content access control based on these states and roles.
Organic groups, aka OG (
Enable users (or site builders) to create and manage groups (or semi-independent site sections). Groups may be private, public, or include a mixture of the two. List of (many, many) related modules:
Taxonomy Access Control (
Requires Taxonomy.
"Access control for user roles based on taxonomy categories (vocabulary, terms)."
Content Access (
"This module allows you to manage permissions for content types by role and author. It allows you to specifiy custom view, edit and delete permissions for each content type. Optionally you can enable per content access settings, so you can customize the access for each content node."
Shibboleth authentication (
"Provides user authentication with Shibboleth (both v1.3 and v2.0) as well as some authorisation features (automatic role assignment based on Shibboleth attributes)." At Stanford, can be used to log in with SUNet IDs at least on non-AFS sites. At Davis, may be useable to log in with CAS authentication.
Stanford specific: WebAuth Module for Drupal, aka WMD (
Allows users to login and automatically create accounts using their SUNet IDs, via Stanford's WebAuth authentication. Includes optional access control by role per node.