Permissions by Term Logo

For this module Acquia has published an article in their "Drupal 8 Module of the Week" series.

Presentation of the PbT module by a YouTube video

Further external resources

Why Permissions by Term module?

Per default Drupal allows you only to restrict access to Drupal nodes by coupling node content types to user roles and the creators of the content by their user account. The Permissions by Term module extends Drupal by functionality for restricting access to single nodes via taxonomy terms. Taxonomy terms are part of the Drupal core functionality. Taxonomy term permissions can be coupled to specific user accounts and/or user roles.

Additionally Permissions by Term module restricts access to taxonomy terms at the node edit form for content editors. Like the access restriction for nodes, also by single user accounts and user roles.

The Permissions by Term module provides features for the front- and backend. No programming skills required. This module can be handled by Drupal site builders via the user interface in the web browser.

Frontend Features

  • Restricts users from accessing the nodes related to specific taxonomy terms by their roles and/or specific user accounts.
  • Restricts users from access to forbidden nodes in views.

Administrator/Editor Backend Features

  • Disallows users with administrative permissions by their role and/or user account to select taxonomy terms on the node edit form, for which they don't have access.
  • Restricts access to nodes also on the backend side by user account and/or user role.
  • Drupal 8 version only: To edit a certain node, users must have access to the related taxonomy term.

Module's setup

Example Use Cases

The module works for you, when you need to separate content from users.

  • Premium content areas for specific users and user roles.
  • School websites with content that can be accessed only by students from a specific class.
  • Intranets for consultants and sales-people which have content with restricted rights.
  • Editorial boards with granular content permissions.

Evaluate the Permissions by Term module quickly at https://simplytest.me/

Just visit the website https://simplytest.me/, choose the Permissions by Term module and this zero-priced service will setup a Drupal 7 or 8 website for you, so you can test the module's functionality without any risk and hosting effort.
Module's setup

How to setup the module's functionality on your Drupal-site?

  1. Install the module.
  2. Create a vocabulary and go to it's taxonomy term add/edit-form. In the top of the form you can see the term permissions settings. You can specify here, which roles and users can access this taxonomy term and it's related nodes.
  3. For the Drupal 8 version you are done here. Just define your permissions in a taxonomy term and attach the term by any entity relation field to the desired nodes.
  4. For the Drupal 7 version, you need 1 more field..
    • This field has to be a "taxonomy term relation"
    • and you have to use the following machine name for this field: "field_secured_areas". By this field you add the taxonomy terms to your Drupal nodes and the permissions get applied. Easy.
  5. That's all!

Module's setup

Please notice

  • As any other open-source project, PbT provides no warranty. Behind PbT stays no company, which would provide overall manual testing of PbT before an new release. Releases are currently made by 1 person. Please stay responsible before any update of the PbT module: do not directly update on your live system. Check the changes carefully on a "sandbox" Drupal instance which could might be your local development environment. Then apply the live-update after your manual check. So that any new PbT update will not break your website and annoy your clients.
  • The admin user (user with id "1") will bypass all access checks.
  • All nodes will be shown to users with the permission "bypass node access".
  • Be aware of this issue: https://www.drupal.org/node/2845735 (Performance improvement: Make the usage of the node access database optional). The usage of the node access grants system was implemented, because the views pager, the search results and the menus were showing nodes, to which users had no access. This brings an non-trivial performance footprint, since node_access_rebuild() is run on every node save via hook_node_presave(), every taxonomy term save via permissions_by_term_submit() and every user creation via hook_user_insert().

This module was created by the Drupal community and Peter Majmesku.

Project Information

Downloads