I've created a taxonomy for my site, as well as roles for various users based on which section of the site they will be using. For example, I created a specific user for my department. I have created an "administrator" role for my department and assigned my user account to that role. I created a category and terms for my department on the site and only assigned my administrator role permission to do anything but view the section. I gave this same role no more than view permissions on the other categories and terms. Yet when my user account creates content, it can assign it to any taxonomy category and/or term on the site.

How do I change this? This seems to defeat the purpose of category permissions if I am able to assign to any category regardless of permissions. I would like my department user account to only be able to assign taxonomy terms belonging to my user role to nodes my user account creates.

Likewise, I would like my user account to be able to create new taxonomy terms only within the parent category for the associated department. Right now it seems I can only give roles the ability to administer the ENTIRE taxonomy or nothing at all. Any ideas on how I can accomplish this, as well?

Comments

noid’s picture

Can you please explain in detail how you did this? --

"I created a category and terms for my department on the site and only assigned my administrator role permission to do anything but view the section. I gave this same role no more than view permissions on the other categories and terms."

turtle182’s picture

I'd be glad to elaborate!

What I did was create a vocabulary for "Town Departments." Then in that vocabulary I created the term "Plymouth Community Channel 3." Then I created several terms with the parent "Plymouth Community Channel 3."

Then I created the role "pcc3 administrator." I gave it the following permissions in admin --> access control --> permissions:

  • add attachments
  • create event content
  • edit own event content
  • send form mail
  • administer images
  • create images
  • access content
  • create pages
  • edit own pages
  • search content
  • create stories
  • edit own stories
  • administer taxonomy
  • access tinymce
  • view uploaded files
  • access user profiles
  • create webforms
  • maintain webforms
  • use all webforms

Then under admin --> access control --> category permissions I gave this role view privileges only, except in the case of the term "Plymouth Community Channel 3" and all its children terms. For these I gave it full privileges.

I then created my user account and assigned it to the "pcc3 administrator" role.

noid’s picture

Ah so you're using taxonomy access control. Just learned about it after your last post. Anyway, the way I understand it, from reading the documentation, is that the module controls permissions only to access to nodes in categories you specify, not to administering the taxonomy itself of these specific categories.

eldarin’s picture

.. something like "private tag-lists", or "private taxonomies" - better yet "group taxonomies".
Access Control Lists for accessing and using taxonomies and terms. I am finishing a module which does something similar to (domain, tag, node) tuples [I think Moshe Weitzman made a tag-everything module, or at least talked about it], although it's a larger n-tuple for the basic structure in an AAA (Authentication-Authorization-Audit) module, although no Radius-server in itself.

So the bottom line is that you need a flexible authorization system which could attach itself. Most modules attach things to nodes, so architecturally, things that are not nodes will not enjoy full Drupal flexibility. That's how Drupal works - most of the implemented hooks are for nodes.
You would therefore need an add-on for taxonomies, if you would continue to use taxonomy for the purpose of "private taglists/taxonomies".

Folksonomy-based modules might have a better lead too ...

turtle182’s picture

And the plot thickens. I just logged in as another user assigned to a different role. It was able to edit the nodes created by the other user. If these roles apply to nodes only, why is it my two different users in two different nodes are able to edit content created by the other?

noid’s picture

Perhaps you enabled administer nodes for these roles?

orangechicken’s picture

I need the exact same thing - an administrator can only admin a part of a certain taxonomy.

turtle182’s picture

Nope. Only my "site architect" role has administer nodes enabled. But thanks for the suggestion!

Anyone have any ideas? I really want to get this resolved. Granular user management is the reason I chose the switch to Drupal and is the only thing holding me back from turning this site over to the Town, thus getting paid.

And since I have a Town department, I have a vested interest in making sure people can't edit everything, obviously, because they could edit my stuff or put their pages/stories in my section.

waldirlieb’s picture

Hi there. Have you ever got a solution for your issue? I have the same need as you over a flexible taxonomy access that works.