Recently, after setting up permissions for certain nodes, visitors to the site were seeing "Access denied" errors on those nodes (and, in the case of the front page, the "Welcome to your new Drupal website!" message) - when I viewed them, they showed up properly. I then noticed that what the visitors were seeing was due to an issue with the nodes whose permissions I modified - anonymous users weren't given the "View" permission for those particular nodes.

Looking into it a bit deeper, I found out why this happened: if a role isn't enabled in the "Allowed Roles" fieldset of the settings page for Nodeaccess, it won't show up on the "Grant" page for a node and all three fields (View, Edit and Delete) for that role will be unchecked. This holds true even if that role has any/all of those permissions enabled for that type of node.

The only way to fix this for those nodes is to enable those roles in the "Allowed Roles" fieldset, save the Nodeaccess settings, and edit the grants for those nodes to enable those permissions for those roles. Nodes whose permissions are modified after this is done will not have this issue.

Comments

mantyla’s picture

Status: Active » Closed (fixed)

Fixed in the 1.2 version. There is a new admin option, on by default, that preserves permissions the user is not allowed to edit. I can't imagine a use case where it would need to be off though, so it will be gone in 2.0 and hidden grants will always be saved.