Site administrators and site builders
When editing a content type, vocabulary, and so on, site administrators already have several tabs: Edit, Manage fields, and so on.
Starting with Drupal 9.4.0, there is a new tab, "Manage permissions", when appropriate. It lists just the permissions that depend on the given type.
For example, here is a screenshot showing the permissions for the Image media type in the Umami demo profile:
There are links to the new pages from the drop buttons in the Operations column of the listing page, such as /admin/structure/types or /admin/structure/taxonomy.
Module developers
This only applies to entity types that are bundles of other entity types. This restriction may be lifted in a future release.
If you want to enable the new Permissions page for your entity type, then add the following keys to the annotations:
handlers.route_provider.permissionslinks.entity-permissions-form
For example, see core/modules/media/src/Entity/MediaType.php:
* @ConfigEntityType(
* ...
* handlers = {
* ...
* "route_provider" = {
* "html" = "Drupal\Core\Entity\Routing\DefaultHtmlRouteProvider",
* "permissions" = "Drupal\user\Entity\EntityPermissionsRouteProvider",
* }
* },
* ...
* bundle_of = "media",
* ...
* links = {
* "add-form" = "/admin/structure/media/add",
* "edit-form" = "/admin/structure/media/manage/{media_type}",
* "delete-form" = "/admin/structure/media/manage/{media_type}/delete",
* "entity-permissions-form" = "/admin/structure/media/manage/{media_type}/permissions",
* "collection" = "/admin/structure/media",
* },
* )
The route provider should be either Drupal\user\Entity\EntityPermissionsRouteProvider or Drupal\user\Entity\EntityPermissionsRouteProviderWithCheck.
In order to access the form, users should have the administer permissions permission. If you use EntityPermissionsRouteProviderWithCheck, then access will be denied if there are no permissions that depend on the entity type.
The access check may be slow, especially on the collection page for the entity type, such as /admin/structure/media. If you know each entity will have related permissions, or if the access check causes performance problems, then use EntityPermissionsRouteProvider. If you want to avoid creating links to empty forms, then use EntityPermissionsRouteProviderWithCheck.
If your entity type is the bundle type of another type, and that type has the field_ui_base_route annotation, then the Permissions page will be added as a local task (tab) along with "Manage fields", "Manage display", etc.
Alternatively, a module can create a Permissions form by adding a new route. For example, if the filter module wanted a "Manage Permissions" page for each text format, managing the single permission use text format ..., then it could add the following code to filter.routing.yml:
entity.filter_format.permissions_form:
path: '/admin/config/content/formats/manage/{bundle}/permissions'
defaults:
_title: 'Manage permissions'
_form: 'Drupal\user\Form\EntityPermissionsForm'
bundle_entity_type: filter_format
requirements:
_permission: 'administer permissions'
options:
parameters:
bundle:
type: 'entity:filter_format'
with_config_overrides: true
The module will probably also want to add a local task for the new page.
