diff --git a/og.field.inc b/og.field.inc
index c066192..db45bab 100644
--- a/og.field.inc
+++ b/og.field.inc
@@ -402,19 +402,21 @@ function og_field_attach_form($entity_type, $entity, &$form, $form_state, $langc
  */
 function og_field_widget_form_validate($form, &$form_state) {
   if (!empty($form[OG_AUDIENCE_FIELD][LANGUAGE_NONE]['#hidden_selected_gids']) && $gids = $form[OG_AUDIENCE_FIELD][LANGUAGE_NONE]['#hidden_selected_gids']) {
-    // Rebuild the form state values.
-    foreach ($form_state['values'][OG_AUDIENCE_FIELD][LANGUAGE_NONE] as $key => $value) {
-      $gids[$value['gid']] = $value['gid'];
-    }
+    // Rebuild the form state values if OG_AUDIENCE_FIELD exists within form values.
+    if (isset($form_state['values'][OG_AUDIENCE_FIELD])) {
+      foreach ($form_state['values'][OG_AUDIENCE_FIELD][LANGUAGE_NONE] as $key => $value) {
+        $gids[$value['gid']] = $value['gid'];
+      }
 
-    $delta = 0;
-    $value = array();
-    foreach ($gids as $gid) {
-      $value[LANGUAGE_NONE][$delta]['gid'] = $gid;
-      ++$delta;
+      $delta = 0;
+      $value = array();
+      foreach ($gids as $gid) {
+        $value[LANGUAGE_NONE][$delta]['gid'] = $gid;
+        ++$delta;
+      }
+      // Set the new values.
+      form_set_value($form[OG_AUDIENCE_FIELD], $value, $form_state);
     }
-    // Set the new values.
-    form_set_value($form[OG_AUDIENCE_FIELD], $value, $form_state);
   }
 }
 
@@ -769,4 +771,4 @@ function og_field_audience_autocomplete($field_name, $string = '') {
     $matches[$label . " [gid:$gid]"] = '<div class="group-autocomplete">' . $label . '</div>';
   }
   drupal_json_output($matches);
-}
\ No newline at end of file
+}
diff --git a/og.install b/og.install
index ccad8c1..5745d7e 100644
--- a/og.install
+++ b/og.install
@@ -52,6 +52,7 @@ function og_uninstall() {
     'og_skip_access',
     'og_update_batch_size',
     'og_upgrade_7001',
+    'og_node_access_strict',
   );
   foreach ($vars as $var) {
     variable_del($var);
diff --git a/og.module b/og.module
index cfec436..c444afe 100644
--- a/og.module
+++ b/og.module
@@ -430,36 +430,35 @@ function og_node_access($node, $op, $account) {
 
   $type = is_string($node) ? $node : (is_array($node) ? $node['type'] : $node->type);
   if (in_array($op, array('update', 'delete'))) {
-    if (og_is_group_type('node', $type) && $group = og_get_group('node', $node->nid)) {
-      $return = NODE_ACCESS_DENY;
-      // The node is a group.
-      if (og_user_access($group->gid, $op . ' group', $account)) {
-        $return = NODE_ACCESS_ALLOW;
-      }
+    $access = og_user_access_entity('administer group', 'node', $node, $account);
+
+    if (is_null($access)) {
+      // The node isn't in an OG context, so no need to keep testing.
+      return NODE_ACCESS_IGNORE;
     }
-    // A single content type can act as a group and as group content, so make
-    // sure that even if the user doesn't have access on the group itself,
-    // further access checks are performed.
-    // However if we already have access, then skip the following access checks.
-    if ($return != NODE_ACCESS_ALLOW && og_is_group_content_type('node', $type) && $gids = og_get_entity_groups('node', $node)) {
-      $return = NODE_ACCESS_DENY;
-      // We don't have a context, so we need to get all the permissions
-      // of all the groups. We don't intersect with the user's group, as
-      // groups might allow anonymous members access.
-      foreach ($gids as $gid) {
-        if (og_user_access($gid, "administer group", $account) ||
-          // Any content.
-          og_user_access($gid, "$op any $type content", $account) ||
-          // Users own content.
-          (og_user_access($gid, "$op own $type content", $account) && $node->uid == $account->uid)) {
-          $return =  NODE_ACCESS_ALLOW;
-          break;
-        }
-      }
+    else {
+      $access = $access ||
+        // Any content.
+        og_user_access_entity("$op any $type content", 'node', $node, $account) ||
+        // Own content.
+        og_user_access_entity("$op own $type content", 'node', $node, $account);
     }
+
+    if (!$access && $op == 'update' && og_get_group('node', $node->nid)) {
+      // The node is a group, so check "update group" permission.
+      $access = og_user_access_entity('update group', 'node', $node, $account);
+    }
+
+
+    if ($access) {
+      return NODE_ACCESS_ALLOW;
+    }
+
+    // Check if OG should explicitly deny access or not.
+    return (variable_get('og_node_access_strict', TRUE)) ? NODE_ACCESS_DENY : NODE_ACCESS_IGNORE;
   }
 
-  return $return;
+  return NODE_ACCESS_IGNORE;
 }
 
 /**
diff --git a/og.test b/og.test
index 9bd8377..108f135 100644
--- a/og.test
+++ b/og.test
@@ -413,6 +413,114 @@ class OgGroupApi extends DrupalWebTestCase {
 }
 
 /**
+ * Test Group node access. This will test nodes that are groups and group content.
+ */
+class OgNodeAccess extends DrupalWebTestCase {
+
+  public static function getInfo() {
+    return array(
+      'name' => 'Organic groups node access',
+      'description' => 'Test strict node access permissions for group nodes and group content.',
+      'group' => 'Organic groups',
+    );
+  }
+
+  function setUp() {
+    parent::setUp('og', 'entity_test');
+    module_enable(array('entity_feature'));
+
+    // Add OG group field to a the node's "page" bundle.
+    og_create_field(OG_GROUP_FIELD, 'node', 'page');
+
+    // Add OG audience field to the node's "article" bundle.
+    og_create_field(OG_AUDIENCE_FIELD, 'node', 'article');
+
+    // Create an editor user and a group manager for these tests.
+    $this->editor_user = $this->drupalCreateUser(array('access content', 'edit any page content', 'edit any article content'));
+    $this->group_manager = $this->drupalCreateUser(array('access content', 'create page content', 'edit own article content', 'edit own page content'));
+
+    // Create group node.
+    $settings = array(
+      'type' => 'page',
+      OG_GROUP_FIELD . '[und][0][value]' => 1,
+      'uid' => $this->group_manager->uid
+    );
+    $this->group_node = $this->drupalCreateNode($settings);
+    $this->group = og_get_group('node', $this->group_node->nid);
+    $this->assertNotNull($this->group->gid, t('Found group id %gid on group object.', array('%gid' => $this->group->gid)));
+
+    // Create node to add to group.
+    $settings = array(
+      'type' => 'article',
+      'uid' => $this->group_manager->uid,
+    );
+    $this->group_content = $this->drupalCreateNode($settings);
+
+    // Add node to group via og_group() instead of via GROUP_AUDIENCE_FIELD.
+    $group_settings = array(
+      'entity type' => 'node',
+      'entity' => $this->group_content,
+      'status' => OG_STATE_ACTIVE,
+    );
+    og_group($this->group->gid, $group_settings);
+  }
+
+  /**
+   * Test strict access permissions for updating group node. A non-member of
+   * a group who has core node access update permission is denied access.
+   */
+  function testStrictAccess() {
+    // Set Node Access Strict variable.
+    variable_set('og_node_access_strict', TRUE);
+
+    // Login as editor and try to change the group node and group content.
+    $this->drupalLogin($this->editor_user);
+
+    $this->drupalGet('node/' . $this->group_node->nid . '/edit');
+    $this->assertResponse('403', t('A non-member with core node access permissions was denied access to edit group node.'));
+
+    $this->drupalGet('node/' . $this->group_content->nid . '/edit');
+    $this->assertResponse('403', t('A non-member with core node access permissions was denied access to edit group content node.'));
+
+    // Login as a group manager and try to change group node.
+    $this->drupalLogin($this->group_manager);
+
+    $this->drupalGet('node/' . $this->group_node->nid . '/edit');
+    $this->assertResponse('200', t('Group manager allowed to access to edit group node.'));
+
+    $this->drupalGet('node/' . $this->group_content->nid . '/edit');
+    $this->assertResponse('200', t('Group manager allowed to access to edit group content node.'));
+  }
+
+  /**
+   * Test non-strict access permissions for updating group node. A non-member
+   * of a group who has core node access update permission is allowed access.
+   */
+  function testNoStrictAccess() {
+    // Set Node Access Strict variable.
+    variable_set('og_node_access_strict', FALSE);
+
+    // Login as editor and try to change the group node and group content.
+    $this->drupalLogin($this->editor_user);
+
+    $this->drupalGet('node/' . $this->group_node->nid . '/edit');
+    $this->assertResponse('200', t('A non-member with core node access permissions was not denied access.'));
+
+    $this->drupalGet('node/' . $this->group_content->nid . '/edit');
+    $this->assertResponse('200', t('A non-member with core node access permissions was not denied access to edit group content node.'));
+
+    // Login as a group manager and try to change group node.
+    $this->drupalLogin($this->group_manager);
+
+    $this->drupalGet('node/' . $this->group_node->nid . '/edit');
+    $this->assertResponse('200', t('Group manager allowed to access to edit group node.'));
+
+    $this->drupalGet('node/' . $this->group_content->nid . '/edit');
+    $this->assertResponse('200', t('Group manager allowed to access to edit group content node.'));
+  }
+}
+
+/**
  * Test Group content handeling.
  */
 class OgGroupAndUngroup extends DrupalWebTestCase {
@@ -1251,4 +1359,4 @@ class OgMigrateGroupMembershipTestCase extends OgUpgradePathTestCase {
     // Assert the created time was updated.
     $this->assertEqual($group_memberships[2]->created, 1000000000, t('Create date was upgraded.'));
   }
-}
\ No newline at end of file
+}
diff --git a/og_field_access/og_field_access.test b/og_field_access/og_field_access.test
index 2ee63e3..28b4964 100644
--- a/og_field_access/og_field_access.test
+++ b/og_field_access/og_field_access.test
@@ -130,4 +130,4 @@ class OgFieldAccessTestCase extends DrupalWebTestCase {
     $this->drupalGet('node/' . $node->nid . '/edit');
     $this->assertText($node->body[LANGUAGE_NONE][0]['value'], t('User can edit field of content not related to Organic groups.'));
   }
-}
\ No newline at end of file
+}
diff --git a/og_ui/og_ui.admin.inc b/og_ui/og_ui.admin.inc
index 1207a43..bc7e653 100644
--- a/og_ui/og_ui.admin.inc
+++ b/og_ui/og_ui.admin.inc
@@ -19,6 +19,13 @@ function og_ui_user_admin_settings($form_state) {
     '#default_value' => variable_get('og_group_manager_full_access', TRUE),
   );
 
+  $form['og_node_access_strict'] = array(
+    '#type' => 'checkbox',
+    '#title' => t('Strict node access permissions'),
+    '#description' => t('When enabled Organic groups will take full control of node access permission, and will deny access based on Organic groups access. Example: A content editor with the <em>Edit any page content</em> permission who is not a member of a group would be denied access to modifying page content in that group.'),
+    '#default_value' => variable_get('og_node_access_strict', TRUE),
+  );
+
   return system_settings_form($form);
 }
 
@@ -836,4 +843,4 @@ function og_ui_field_delete_form_submit($form, &$form_state) {
   module_load_include('inc', 'field_ui', 'field_ui.admin');
   field_ui_field_delete_form_submit($form, $form_state);
   $form_state['redirect'] = 'admin/config/group/fields';
-}
\ No newline at end of file
+}