OG Content Access
Drupal has a flexible access control list (ACL) system, where it provides permissions and roles (also known as RBAC, Role Based Acess Control) per user. This eases administrators job by allowing them to group users into different classes or cateogories (roles) to create differentiation in user’s capabilities. While this fits most web applications built on top of Drupal it doesn’t fit them all.
Drupal’s fault at this is that it is designed to be very permissive by default. In most cases, this means that users are generally allowed to see everything (even though they may not be able to create, edit or delete). This is the case with Organic Groups as well. When users in a Drupal+OG website becomes a member of a community, they may not be able to create/edit/delete some content types, but they will definitely, by default, be able to see (have read permissions, per say) all of the content in that group.
This is where OG Content Access module comes in… it provides the ability to rely on group-specific roles for providing (view/load) access to specific content. The use-case is as follows: you have a group with several content types – blog, announcements, file downloads. Any members of that group will automatically have access to view any of the above contents. You can control access to create, delete, and edit content for different roles, yes, but every member will always have access to view all of the contents of a group.
With this module you can restrict viewing each content to different members by setting the role which is allowed to view/access each content and then, within the group context you may assign roles as necessary for each member.
I’ve actually explained more about the mechanics of how this works in a series of previous articles: