Route access checking basics

Last updated on

29 May 2024

This documentation needs work. See "Help improve this page" in the sidebar.

Simple access checking with permissions/roles

The route data structure allows you to specify permissions and/or roles that are required to access the route.

Multiple access checks

If a route has multiple access checks, the andIf operation is used to chain them together: all results must be AccessResult::allowed() otherwise access will be denied. Returning an AccessResult::neutral() and an AccessResult::forbidden() object does not make any difference. This is different to entity access checks: that one is using orIf and a Neutral result might become Allowed (if there are no Forbidden results but there is an Allowed). See this Drupal core issue for more information about this discrepancy.

Help improve this page

Page status: Needs work

You can:

Log in, click Edit, and edit this page
Log in, click Discuss, update the Page status value, and suggest an improvement
Log in and create a Documentation issue with your suggestion

On this page

Access checking on routes

Route access checking basics

Simple access checking with permissions/roles

Multiple access checks

Help improve this page

News items

Our community

Documentation

Drupal code base

Governance of community