I just noticed strange behavior when changing default grants for an existing content type.

We are using nodeaccess in one of our projects to manage permissions for a number of content types. A few of these content types have user reference fields in them but we are using none of the features of nodeaccess to give referenced users special privileges on nodes. Also, we are not using the "Show grant tab for this node type" option.

So this is what happens:

1) Content type 'page' has a user reference field (field_example) and very simple nodeaccess settings: One role may do everything with it, another may only view nodes. Authors can do everything. The user reference field settings in nodeaccess admin form are empty, the option to show the grant tab is disabled as well.

2) When creating a node of content type 'page', the node does not appear in the table 'nodeaccess'. As expected.

3) As soon as you edit this node and change the referenced user in field_example, the node does appear in the table 'nodeaccess'.

Expected behavior: The node does never appear in the above table because we did not enable any option for the user reference fields of this content types.

The problem with this is that nodes appearing in this table will never receive future permission updates.

I would gladly come up with a suggestion for fixing this, but I'm not sure how this whole user reference topic is supposed to work as I've never used it before. The only thing I know is that the above behavior feels like a bug ;)