Last updated 16 August 2016. Created on 21 June 2011.
Edited by JoshSoldan, cedewey, samwilson, chicagomom. Log in to edit this page.


There is no global configuration page for this module. It's coupled to content.

Configure Appropriate Permissions

On the Drupal Permissions page (People > Permissions or admin/people/permissions) grant your site's roles the desired permissions related to the Content Access module.

Setting Access Control

There are two ways of setting access to content - on a content type level and on a specific node level.

Setting Content Access for a Content Type

Each content type has access control settings. For the Basic Page content type it would be the following- Structure > Content types > Basic Page > Access Control or /admin/structure/types/manage/page/access

Setting Content Access for a Node

Content access settings can be set on a per node basis as well. First, the content type of the node must have the Enable per content node access control settings setting enabled. This is performed on the Content Access config page mentioned above.

The Access Control settings for the node is configured from the working tab on the node edit form (eg: node/1/access).

Example Use Case - Role Based Access Control

  • A client asked you to build a site with a section into which he or she can put his invoices, and only the client and the accountants in the company can access this section. The "section" in Drupal's terms is a content type we'll call invoice.

    Next, create user roles called "clients" and "accountants", and assign any users who are clients or accountants into these roles.

  • After creating the user roles and content type and enabling Content Access, go to the content type edit page for this content type (e.g. in Drupal 7 '' and in Drupal 6 ''). There you'll find a new tab called Access Control.
  • You find inside Access Control these basic Role Based Access Control Settings, for working with published content of this content type:
    • View any invoice content: Allow the checked role(s) to view the nodes (content) of this content type.
    • View own invoice content: Allow the author (from the selected roles) of the node to view it.
    • Edit any invoice content: Allow the selected role(s) to edit nodes of this content type.
    • Edit own invoice content: Allow the author (from the selected roles) of the node to edit it.
    • Delete any invoice content: Allow the selected role(s) to delete nodes of this content type.
    • Delete own invoice content: Allow the author (from the selected roles) to delete the author's own node of this content type.

    Note that users need at least the access content permission to be able to deal in any way with published content.

  • Back to our use case, you select View any content for the accountant & client roles.
  • Now published invoices will be only visible to people (users) from the previously selected roles. Be sure to test your configuration by logging out or logging in as another role and trying to view the node.
  • On this page you can also enable Per Content Node Access Control Settings.

Per Content Node Access Control Settings

If the Node-level access control box is checked for a specific content type, a new tab for the content access settings appears when viewing content. You have to configure permissions to access these settings at the site-wide permissions page (Drupal 7 = admin/people/permissions). There are two available permissions here:

  • Grant content access - View and modify the content access rules for any nodes on the site.
  • Grant own content access - View and modify content access permissions for a user's own nodes

Once node-level access control is enabled for a content type, roles that have been granted content access will see a new Access Control tab when viewing nodes for which they have content access control.

In addition to role-based access control (as above), the node-level access control page includes a section for creating and managing User Access Control Lists, which allow the user to grant access to specific users to view, update, and/or delete the node.

Select individual users to grant access by entering their name in the Add user lookup field.

Looking for support? Visit the forums, or join #drupal-support in IRC.


hermes_costell’s picture

I did everything the docs told me to do, disabled access to a certain page for anonymous users, cleared every cache in the neighborhood, and it never worked.

Then on a whim I went to admin/user/rules where I got a message like "you need to rebuild your access content rules" or something like that. I clicked on the link and it did its batch processing, and then the module worked.

Perhaps that's an addition for the above steps?

good_man’s picture

Good hint, but the rebuild permissions message is so clear, and appears everywhere if you didn't rebuild (it's a Drupal message behaviour). And I think the suitable place for your hint is installation page not basic usage.

AndrewKWilson’s picture

But this has happened to others (and myself). The best solution is to uninstall and reinstall the module. As soon as the module is reinstalled, choose to rebuild permissions immediately.

This is a great module!

jgoldbach’s picture

It's absolutely true that there are cases where you have to force the rebuild of permissions even after the module says it did so (though it was suspiciously quick). This should be part of the troubleshooting documentation.

I'm not sure if this is because my site previously used nodeaccess, because it was upgraded from Drupal 6 or what, but I tried everything I could get my hands on, and nothing worked until I forced the rebuild.

Also, no one included the link to rebuild for those who didn't know where it was (or that it was (needlessly) moved in D7). /admin/reports/status/rebuild or you can find the link on the status report.

Hope this saves someone some time.

loopy1492’s picture

Man, I don't know what's going on, but rebuilding just doesn't seem to be working. I even disabled the module, removed it from the directory, re-installed it, rebuilt permissions, set the permissions, then rebuilt AGAIN. Nothing changed.’s picture

1) Enable, rebuild Rules
2) Go to "Content Type X" Access settings and Enable "Per content node access control settings"
3) Go to Content node X Scroll to bottom till MENU and URL settings and try to look for "Content Access Option settings"

3) Fails to find the access configuration link

Seems like this fails due to other similar module installed (workflow module might be breaking this?)

gottaknow’s picture

This is a great module but I'm unclear on something. If you wanted to hide a node from certain users, and that node was in a menu, surely the menu item should follow the node and display or not display according to the access settings. It just doesn't make sense that the node is hidden but the menu item displays. Do you have to install another module to handle that? or hard code, I just don't get why it wouldn't be one of the same.

loopy1492’s picture

What global permissions need to be set? This still isn't working for me. Do I have to have "View published content" un-checked for this module to hide content types from users?

Basically, what I'm asking is, is "View published content" on the /admin/people/permissions page supposed to override the settings on the individual content types?

If so, that would be a good thing to add here.

loopy1492’s picture

Well, all that does is remove the user's ability to see ANYTHING. So apparently, "View Published Content" still needs to be checked. Not sure what I'm doing wrong here...

ancym’s picture

loopy, did you enable access control for the content type, eg for pages go to /admin/structure/types/manage/page/access, & check (for example) Enable per content node access control settings, the box halfway down the page, under PER CONTENT NODE ACCESS CONTROL SETTINGS (click to expand to see the checkbox).

After you do that, there will be a new access control tab on the edit page for that type of content.

Oh, also, It may be that you will need to go to admin/reports/status and click on the link to rebuild permissions

Putting this here to remind myself for the next time...

shah123’s picture

I am trying to use this module and I want only a Premium User role to be able to view a new content type Premium Content. For all the other roles the option to view, edit, create, all of them are unchecked.

Unfortunately even the anonymous user has no problem viewing the contents of the Premium Content type. Anyone has any input?

I have installed Taxonomy Access Control as well, and even that doesn't work.

Any ideas?

jucedogi’s picture

Just got around to using this module and it was quite complicated to get it to function as I wanted.
I had to follow these steps to do so:

  1. Install the module
  2. Enable the module
  3. Adjust accordingly on the content type I wanted to use this with
  4. Go to the status report page and rebuild permissions
  5. Adjust access as required on the your content
  6. Clear caches; otherwise it won't work!

Hopefully this step by step will make it clearer and end up helping someone.

Also as stated on these videos from the "How to" I was able to implement this using the Flag module (
What I did was the following:

  1. Install and enable Flag module
  2. Install and enable Rules module (; in case you don't have it
  3. Install and enable Cache actions module (
  4. After following the video step by step I modified the rules for flagged and unflagged having the following:
    • Content access -> Revoke access by role; and check all
    • Content access -> Grant access by role; and check accordingly
    • Cache actions -> clear cache bins; I selected them all

After these steps I finally had the site working with pages being able to be set as public and private in a node based way.

Once more hope this helps someone!

sam452’s picture

I've done the steps above, including uninstalling and reinstalling this module. But setting a node to not appear to anonymous users just doesn't work for me.
What's curious is the phrase "In addition to role-based access control (as above), the node-level access control page includes a section for creating and managing User Access Control Lists, which allow the user to grant access to specific users to view, update, and/or delete the node."
When I click on "access control" for a basic page (that has node-level access controls enabled for this content type) I see the same Role_based settings in the content type. For the life of me, I cannot find anything about this control described in this quoted sentence. I'm in Drupal 7 which was never upgraded from D6. I have also the Roles for menu module enabled, but disabling that module does not let me set anything for a node that prevents anonymous users from seeing this node as I would expect. What am I overlooking? thx, sam

sam452’s picture

Seeing that others found success with this module indicates something is goofy with my environment. Reading more generally about this topic I find that this app had another module that acted as access controller: taxonomy_access. Removing it reveals the module to work. The statement I referred is still not found in this module so if anyone is helped, the interface for node access is the same as for content types. It still works despite the re-use of the interface. Bottom line, verify you don't have another module doing the same thing enabled.