Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Lightweight module that extends read, update or delete permissions to a user in the following cases:
- "User": The node references the user
- "User's mail"The node references the user's e-mail
- "Profile value": The node has a value in a specified field that is the same as one in the user's profile
- "Inherit from parent": The node references a node or user that the user has certain permissions on.
In each case, the rule only applies to logged-in users with general permission to access nodes by reference, and only on the node types and field names set in the configuration page.
Permissions are "chainable", but note that there is no protection against infinite loops, so some care is advised in configuration.
Example
Let's suppose you have a content type Sailboat (yacht_profile). Apart from the conventional methods, to use our system to extend edit access, you can do one of the following three things:
1. "User": Add a user_reference field to the yacht_profile content type, edit a Sailboat node to reference User1, and in the box labeled Grant Access to User referenced in this field, enter yacht_profile|user_reference and save.
2. "Profile value": Add a number or text field to the yacht_profile content type, like a membership_number, and use that same field in the user profile. Edit both to have the same value. In the box labeled Grant Access to User with Common Profile Value, enter yacht_profile|membership_number.
3. "Inherit from parent": Create another content type called Fleet. Let the "owner" of the fleet be in charge of all the boats in that fleet. Create an entity reference field in yacht_profile called my_fleet. Give User1 edit access to a new Fleet node, and also edit one or more sailboat nodes to refer to that node in my_fleet. In the box labeled Grant Access to Editor of Referenced Node, enter yacht_profile|my_fleet.
In all cases, be sure to set permissions to allow authenticated users to use Access by Reference.
Other Node Access Modules
Version 8.x-2.x
There is a new version which supports:
- Read, Update and Delete actions
- The Drupal configuration manager
Version 3.x.x
Added Drupal 10 compatibility.
Supporting organizations:
Development
Project information
- Module categories: Access Control, Developer Tools
364 sites report using this module- Created by Cayenne on , updated
Stable releases for this project are covered by the security advisory policy.
Look for the shield icon below.
Releases
3.0.3
released 5 March 2024
released 5 March 2024
Works with Drupal: ^9.2 || ^10
✓ Recommended by the project’s maintainer.
Removing kint() reference (critical bug)
Install:
