Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.I created a View to display a list of nodes, using as the columns the Node:Title together with the fields Node:Link (view), Node:Edit link and Node:Delete links.
When (as an admin) I UNtick a role's permission to Edit content of a particular type (via the node module access section of the Permissions page), I can subsequently control (via User Mgmt-->Access Control by Taxonomy) the absence/presence of these links for the selected Taxonomy terms. So far, so great.
However logging in as a normal user (in the relevant role) and clicking on the edit or delete links produces the error "You are not authorized to access this page".
When I then grant (ie tick on the node module access section) the permission to Edit, the edit link appears for *all* content of that type regardless of the value of the Taxonomy term.
In other words, it seems that Permissions granted in the node access section override whatever is set under "Access Control by Taxonomy", but when the node module access section is left blank, the "Access Control by Taxonomy" only work in appearance, not in functionality.
Very much the same kind of bug exists for the regular TAC module.
Comments
Comment #1
Dave Cohen commentedIf permission is granted to view, edit or delete in the normal permissions, then it doesn't matter what any node access module does, the user has permission. That's by design.
Sounds like you need to troubleshoot your node access grants. Enable the devel module and the devel_node_access module which comes with it. Enable the devel node access block in the footer of your page. Then view some of these nodes and see what the node access table has to say about them.
Comment #2
rdeboerThink it was due to that silly published status flag, which suppress any view/update/delete rights that were granted....
Comment #3
Dave Cohen commentedI've seen some threads suggesting ways to make those permissions more flexible, but as far as I know its still that way even in Drupal 7. I agree its silly.