Only permitted terms in the create or edit form

In the edit forms, like everywhere else, the user will see the terms they have permission to view. So if you want terms to not appear you must either take away view permission or implement your own hook_form_alter.

Your request has been made before, and I'm not convinced its the right behavior. Let's say you and can both edit a node, but I have permission to edit more terms than you do. I create a node and tag it with a term you cannot edit. Then you come along and edit the node, but you don't see the term I tagged it with (because you don't have update permission for it). Now when you hit submit the node is no longer tagged with that term. I think that would be a bug, created by the "feature" you are requesting.

This appears to be a logic bug in the existing code afaics, i.e. a user must not be able to edit a node tagged both 'engineering' and 'marketing' if they only have permission to update 'marketing'.

Edit permission should ONLY be given when the user has update permission on ALL of the tagged terms for the node. This makes logical sense in that a user should only be able to update content they have full permission for not partial permission.

This has been discussed many times. AND logic is appropriate for some sites. OR logic is appropriate for others. Neither is superior, but for whatever reason Drupal went with OR. This can't be changed from within tac_lite.

Support #309007: Add drupal_alter() after hook_node_access_records(), then you can write a module which allows admins to choose between AND and OR.