diff --git a/entityreference.admin.inc b/entityreference.admin.inc
new file mode 100644
index 00000000..5d1caa31
--- /dev/null
+++ b/entityreference.admin.inc
@@ -0,0 +1,23 @@
+<?php
+
+/**
+ * @file
+ * Settings form.
+ */
+
+/**
+ * Module settings page.
+ */
+function entityreference_admin_settings_form($form, &$form_state) {
+  $form['entityreference_update_implies_view'] = array(
+    '#type' => 'checkbox',
+    '#title' => t('Permissive access'),
+    '#description' => t('This setting controls access to view data using an entity reference. Most sites should use the default (unticked), which means using standard Drupal access. ') .
+      t('If ticked, this module grants view access  to users with permission to update the referenced entity. This is slower, and can lead to values being shown unexpectedly. ') .
+      t('However it can avoid access denied error messages, especially with unpublished content.'),
+    '#default_value' => variable_get('entityreference_update_implies_view', FALSE),
+    '#required' => FALSE,
+  );
+
+  return system_settings_form($form);
+}
diff --git a/entityreference.info b/entityreference.info
index 2557e5d6..e430185e 100644
--- a/entityreference.info
+++ b/entityreference.info
@@ -2,6 +2,7 @@ name = Entity Reference
 description = Provides a field that can reference other entities.
 package = Fields
 core = 7.x
+configure = admin/config/system/entityreference
 
 dependencies[] = entity
 dependencies[] = ctools
diff --git a/entityreference.install b/entityreference.install
index 5fe29481..783a143e 100644
--- a/entityreference.install
+++ b/entityreference.install
@@ -164,6 +164,16 @@ function entityreference_update_7002() {
   }
 }
 
+/**
+ * Turn on "update implies view" for existing sites to match the behaviour in earlier versions.
+ * Issue https://www.drupal.org/node/1909436 introduced "update implies view".
+ * Issue https://www.drupal.org/node/2292451 makes this an optional setting,
+ * default off for new sites, default on for constistency for existing sites.
+ */
+function entityreference_update_7003() {
+  variable_set('entityreference_update_implies_view', TRUE);
+}
+
 /**
  * Remove duplicate rows in the taxonomy_index table.
  */
diff --git a/entityreference.module b/entityreference.module
index 26e9d2df..850dad11 100644
--- a/entityreference.module
+++ b/entityreference.module
@@ -114,6 +114,14 @@ function entityreference_theme($existing, $type, $theme, $path) {
 function entityreference_menu() {
   $items = array();
 
+  $items['admin/config/system/entityreference'] = array(
+    'title' => t('Entity reference'),
+    'description' => t('Entity reference settings'),
+    'page callback' => 'drupal_get_form',
+    'page arguments' => array('entityreference_admin_settings_form'),
+    'access arguments' => array('administer site configuration'),
+    'file' => 'entityreference.admin.inc',
+  );
   $items['autocomplete/single/%/%/%'] = array(
     'title' => 'Entity Reference Autocomplete',
     'page callback' => 'entityreference_autocomplete_callback',
@@ -1082,9 +1090,7 @@ function entityreference_autocomplete_callback_get_matches($type, $field, $insta
   $entity = NULL;
   if ($entity_id !== 'NULL') {
     $entity = entity_load_single($entity_type, $entity_id);
-    $has_view_access = (entity_access('view', $entity_type, $entity) !== FALSE);
-    $has_update_access = (entity_access('update', $entity_type, $entity) !== FALSE);
-    if (!$entity || !($has_view_access || $has_update_access)) {
+    if (!$entity || !entityreference_check_access($entity_type, $entity)) {
       return MENU_ACCESS_DENIED;
     }
   }
@@ -1317,9 +1323,7 @@ function entityreference_field_formatter_prepare_view($entity_type, $entities, $
         // Replace the instance value with the term data.
         $items[$id][$delta]['entity'] = $target_entities[$item[$column]];
         // Check whether the user has access to the referenced entity.
-        $has_view_access = (entity_access('view', $target_type, $target_entities[$item[$column]]) !== FALSE);
-        $has_update_access = (entity_access('update', $target_type, $target_entities[$item[$column]]) !== FALSE);
-        $items[$id][$delta]['access'] = ($has_view_access || $has_update_access);
+        $items[$id][$delta]['access'] = entityreference_check_access($field['settings']['target_type'], $target_entities[$item['target_id']]);
       }
       // Otherwise, unset the instance value, since the entity does not exist.
       else {
@@ -1435,6 +1439,29 @@ function entityreference_field_formatter_view($entity_type, $entity, $field, $in
   return $result;
 }
 
+/**
+ * Check if we should allow 'view' access to a given entity.
+ *
+ * @param $entity_type
+ *   The entity type.
+ * @param $entity
+ *   The entity.
+ */
+function entityreference_check_access($entity_type, $entity) {
+  // By default we make a simple check for 'view' access to the entity.
+  if (entity_access('view', $entity_type, $entity) !== FALSE) {
+    return TRUE;
+  }
+
+  // If configured, we can also allow access based on 'update' access to the entity.
+  // See https://www.drupal.org/node/1909436.
+  if (variable_get('entityreference_update_implies_view', FALSE) && (entity_access('update', $entity_type, $entity) !== FALSE)) {
+    return TRUE;
+  }
+
+  return FALSE;
+}
+
 /**
  * Exception thrown when the entity view renderer goes into a potentially infinite loop.
  */