Access Control

Several months ago, I was tasked with creating some way to assign roles to users in groups. I installed the og roles module. What I discovered was that this module simply assigned a role to a user, not to a user in a particular group. I realized what I needed was a way to assign a role to a user in a way so that the user would only have this role in this particular group, not sitewide and certainly not in all groups. To do this, I needed to understand Drupal permissions and Access Control worked. My progress on this particular task is here:

Fast forward a few months later, when I was trying to use OG and Taxonomy Access Control (TAC). To my horror, I discovered that if a node was posted to a group, a user who was not in the group could access the node if he had access to the Taxonomy term. And, vice versa, if a user was in a group that the node belonged to, but DID NOT have access to the Taxonomy term, he could still access the node. This, in my opinion, was two Access Control systems tolerating each other, not working together. My progress on ths particular task is noted here:

So, I set about, merrily hacking my way through, until I had resolved both issues. Unfortunately, hacking Drupal core code is not a very good long term solution. And, when I applied for a project for my og user roles module, Drupal Admin told me as much.

What I needed was an environment where I could discuss my ideas with like minded folk who wanted to achieve the same goal: Get Drupal Access Control to open up so that various ACS (access control systems) from various modules could work together instead of at cross purposes as they do now.

That's why I created this discussion group. My first task is to work on getting og user roles approved as a project. For that, I need to figure out how to get it working without hacking the user_access function in the user.module.

That's the plan.

khan2ims's picture

Drupal Developer | New Earth Marketing

Employment type: 
Full time
Employment type: 
Part time
Employment type: 

We are a fast growing Canada based company having development center in India. We currently have a good team of 15 developers and designers. For our growing needs, we are on look out for some more Drupal Developers having at least 2 years of experience in Drupal with experience ranging from Views, CCK, OG Groups and custom module development.

You must be willing to meet tight schedules and complete projects within the project time line. For the right candidate, it would be continuous work.

Read more
Pentalog Viet Nam's picture

Chuyên gia về Drupal | Pentalog Vietnam

Employment type: 
Full time

Để triển khai một dự án xây dựng trang mạng dành riêng cho cộng đồng IT dựa trên Drupal và PHP, Pentalog Việt Nam tuyển dụng Chuyên gia về Drupal. Chi tiết sẽ trao đổi khi phỏng vấn.

Yêu cầu:

  • Có kinh nghiệm chuyên sâu về Drupal
  • Có kinh nghiệm về phát triển lập trình web sử dụng PHP
  • Có kinh nghiệm/hiểu biết về Java, Access
  • Sử dụng lưu loát tiếng Anh
  • Biết tiếng Pháp là một lợi thế

Quyền lợi:

  • Khả năng phát triển sự nghiệp tại một công ty đa quốc gia lớn mạnh
  • Nhiều cơ hội công tác và đào tạo tại Châu Âu
  • Lương, thưởng hấp dẫn
Read more
nsputnik's picture

Video on Node Access by hefox and drupaldojo

Check it out.

This session will cover how drupal controls access (who can view, create, edit, and delete) nodes/content. It will cover how drupal checks access, what modules can do to expand on that, and what you can do to insure that access is being checked. There will be some code, but mostly as background images.

nsputnik's picture

Node access per user

I need a way for one or two super users to grant access to nodes on a per user basis. I have tried nodeaccess but I don't get a list of which users have access to which nodes which is very important. And in order to grant access I need to type in a user's name. In the node edit, I would like a list of user names in the system with a checkbox for access. With nodeaccess I can't see how to remove access for a user, I only see a way to grant it. I don't want to grant accesss by role, that would mean making a new role for every new user.

manuj_78's picture

How to stop nodes from being added when js is disabled


Is there any way to prevent nodes from being added to the site if javascript is disabled?

Read more
oxford-dev's picture

Cloning permissions from one node to another

I have a gallery setup whereby a gallery is a node and a gallery can have many child image nodes.

So far so good.

However, I would like to configure the setup so that when a user sets the node access permissions for the gallery (using UserRElationships Node Access), that same permission is applied to all child nodes.

I was thinking that this could be achieved in triggered rules, eg after a gallery is updated and after an image is created.

However I cant find out how I:

a) get the permissions of a particular node


b) set the permissions of a node.

Read more
gmclelland's picture

Multiple Calendars

I wanted to poll this group to see what is the best way to manage access control multiple calendars in drupal.

I have a site where I need to be able to create some calendars public and some calendars private.

I need to control which users / roles has permissions to add an event to the calendar and which users /roles can view the calendar's events.

So far the only techniques I can think of are
1. Use Event content type with tags - create a vocabulary for Calendars with each term as a calendar - restrict with a taxonomy access control module

Read more
jaochoo's picture

Hierarchical corporate structure for an intranet

We are building our new intranet on Drupal. We are a group of companies, i.e. our organizational structure consists of sub-companies, which again have sub-companies or departments, which also can have sub-departments and/or employees belonging to them. We need to have this organizational structure in our Drupal-based intranet system, both:
1) in terms of content: displaying the corporate structure as a hierarchical list of companies, sub-companies, departments; displaying employee listings per company and department;

Read more
MXT's picture

Impossible to do with Drupal?

Hi everybody, and sorry if I'm not in the right place.

I'm desperate. After 4 months of every kind of exsperiments studies and tests, I can't achive this simple (i think) site configuration:



  • In my site I have only one type of content type: ARTICLE
  • Articles are categorized with taxonomy vocaboularies.
  • I have 2 types of users roles: editors and moderators.
  • I want that these users were grouped as Departments: every moderator has his own department, with his editors.
  • Read more
    jlambert's picture

    Senior Drupal Engineer / Programmer | WorkHabit, Inc.

    Employment type: 
    Full time
    Employment type: 

    drupal, development, contract, fulltime, developer, mobile, jquery, job, jobs

    Do you consider yourself to be a Senior Drupal Programmer? Are you passionate about doing great things with your career? Looking for a place to unleash it, working with a great team on some of the leading projects in the Drupal Community?

    For five years, we've been working almost exclusively with Drupal, and we're looking for a few outstanding members to join our teams in San Francisco and New York City.

    What we're looking for:

    Read more
    seth97's picture

    Access control with Organic Groups

    I have a site with organic groups. When a user submits a content type within a group I would like the user to choose between three levels of access for the node:
    1) Open: the whole world (anonymous)
    2) Restricted: authenticated
    3) Private: members of the current group

    Point 3) is achieved with the 'Public' check-box provided by OG, but how do I get point 1) and 2)?

    I have tried simple_access and nodeaccess, but it doesn't seem to go well with OG. I am running D5.

    Any ideas how to get this three levels of access on each node submitted within a group?

    Read more
    alexharries's picture

    Idea: Menutree Permissions module - cascading menu-level access control by role/user ID - input needed :o)

    Hello everyone,

    I'm a complete newbie to writing Drupal apps and having not yet found anything which fits my needs properly, I'm setting out on writing a node access module which uses the site's primary navigation menu structure to define access permissions.

    I'm still at a very early stage of planning, and the use case for the module is pretty specific, so I haven't even begun to consider all the "what-if"s associated with, say, what happens when the site admin decides to reassign the primary menu.

    Read more
    abi's picture

    Drupal Coder Needed in Manhattan (New York) | Rent the Runway

    Employment type: 
    Full time
    Employment type: 
    Not allowed

    VC-Backed startup looking for coders who can write and fix custom drupal modules has already been covered by fast company, The New York Times, and Instyle magazine and has official launch Monday, 11/9/2009 = an exciting time to be joining this rapidly growing company
    Uber Cart and booking reservation system experience preferred
    To start ASAP
    full and part time applicants considered, compensation + equity
    Please contact and with your resume

    xjm's picture

    Proposal for a module: TAC fields

    I'm considering developing a module to extend the functionality of TAC to role/field combinations. TAC works wonderfully for controlling access to whole nodes based on their taxonomy, but it's all-or-nothing; the module currently has no way of leveraging the per-field access control offered by Content Permissions.

    I don't think the functionality belongs in TAC itself, as my proposed module is an additional layer of complexity that's specific to CCK content types.

    Read more
    abi's picture

    Making content type only for groups

    I have site where we are introducing groups, problem where i am stuck right now is i want to create new content type which can only be added by members who belong to atlest one group. if they are not member of any group they cant add that content type. I cant make audience required as there are other content types in system which can be added on site without any audience.

    Any ideas ? any solutions ? any work around ?


    superbaloo's picture

    taxonomy_access_user module review

    Hi drupal !

    I'm posting here to request a review of a module i'd just coded and that i would
    like to submit on Before doing this, i would like someone to review
    my module. Even if i'm pretty confident with my code which i've been testing for last
    2 weeks, i would prefer others' advice.

    About the module :
    This module provides taxonomy based user control for user but unlike modules already
    available on with inheritance notion. For more information please read the
    README (available below).

    Thank you by advance.

    Code is available here on github :
    Or as a tgz :

    Read more
    rockitdev's picture

    Multisite or Access Control Model?

    I'm currently doing a proof of concept for Drupal as our Enterprise wide CMS. Our current site is The current site is in a complete mess, and lacks and any decent functionality. We currently have 160+ sections on this site with approximately 200 contributors managing their own content.

    Read more
    nicholas.alipaz's picture

    Access Control for Administrative Tasks/Areas

    Something I have had issues with on multiple sites I have worked on is administrative areas and permissions.

    If I build a site for a client and then decide I want the client to be able to edit certain areas of the admin panel ("/admin/settings/site-information") but I don't want them to have full access to the administration area then there really isn't a good solution.

    So, I ask... What exactly can be done about the issue? What would be some of the best work arounds?

    Read more
    borfast's picture

    Flexible access control

    Some time ago I proposed a new access control system for Drupal, which would allow the creation of access rules based on various criteria, kind of like the filters in Views.

    Read more
    SocialNicheGuru's picture

    Comprehensive list of Content access modules and how to enable them to work together

    I created a list of content permission modules that I have encountered with their weights on my system.

    1. Can we create a comprehensive list?
    2. How can they work together or should they. From your experience, what has been the worst and best combinations ?
    3. what effect does module weight have on implementation of access? is it true that if access is already granted, it will not be restricted by another module that comes into play later?

    Weight/ Name/ Version/ Brief description

    0 Content Permissions 6.x-2.x-dev Set field-level permissions for CCK fields.
    (admin determines)

    Read more
    Subscribe with RSS Syndicate content

    Access Control

    Group organizers

    Group notifications

    This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds: