Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.
By benstallings on
Apologies if this issue has already been covered elsewhere: I searched and didn't find it. If so, please provide a link. Thanks!
Running Drupal 5.15 on a very large site (tens of thousands of nodes, so rebuilding permissions takes prohibitively long) with dozens of modules enabled. Every few days, one user or another reports that parts of the site are returning Access Denied, when they should not. When I look into the problem, it invariably turns out that the nodes' permissions -- along with hundreds of others -- have changed in the node_access table, such that anonymous users have grant_view and authenticated users have no entry, like so:
56707 1 content_access_rid 1 0 0
There may be other entries for other roles, but no entry for gid 2 (authenticated).
Although we have the Content Access module enabled on the server, the content types affected by this problem are *not* of the types that have node-level permissions enabled, they are the ones that should be getting their permissions from their content types, and when I check the access control settings in Drupal, they are always correct. Also, the nodes affected are always older ... any content newer than a week or so is unaffected.
I have tried changing the entries in the database to
56707 0 all 1 0 0
and that makes the problem go away for a few days, but then it changes back. I have also tried adding an entry for gid 2:
56707 1 content_access_rid 1 0 0
56707 2 content_access_rid 1 0 0
and that likewise makes the problem go away for a few days, but then the added row disappears and we're back where we started.
Am I correct in guessing that the "all" realm is a newer and better approach than the dual "content_access_rid" entries? If so, am I on the right track by guessing that one or more of my modules may be trying to use the old approach and removing the "all" entries it doesn't understand? If so, where do I start looking? Like I said, we have a lot of modules...
The modules that are implicated in access control:
- ACL 5.x-1.6
- Content Access 5.x-1.4 (but as I said, the nodes that lose their permissions are not the types with node-level permissions)
- Forum Access 5.x-1.11 (but forum posts have not been affected either)
- CCK Field Permissions 5.x-1.10
Any help in tracking this down would be appreciated. Thanks in advance!
Comments
I've been having the same
I've been having the same problem after removing taxonomy_access. Every few days, i had to revisit the node_access table and manually add the records... but just found the post http://solr.robshouse.net/node/122476, which reminds you to "rebuild permissions" on the post settings page... interesting this removes all records from node_access, and creates a new one with 0,0,all,1,0,0 - makes me think nid=0 is a global to cover all nodes.
Fingers crossed that has fixed it as it was doing my head in!