By bomarmonk on

Can someone tell me how to differentiate between ignore and deny settings in the taxonomy access module? I'm not quite sure why I would want to use ignore instead of deny? It's a fine distinction I am not familiar with. Thanks for any clarification.

Comments

cog.rusty’s picture

cog.rusty commented

Here is how I understanding it.

- "Deny" means "deny, no matter what other categories say."
- "Igonore" means "deny, except if another category allows".
- And "Allow" means "allow, except if another category denies".

If we set our categories to "ignore" for a given role, then it denies access to the nodes. However, just an "allow" from only one category is enough to allow this role access to the nodes.

If we used "deny" instead of "ignore" in our categories, we woud have to hunt down all these denying categories if we wanted to give access to the nodes -- an "allow" in only one category would not be enough.

stephthegeek’s picture

stephthegeek commented

Yep, that looks right to me.

For my site, for example, I have two forums that have access control on them. One is members only, where only paying subscribers can post. This has DENY set for anonymous, since they could never be in the paying subscriber role, and IGNORE set for authenticated, then ALLOW set for the subscriber role. However, I left "List" on so that other roles can see that the forum is there, just not access it. I also have another forum for moderators only, which follows a similar pattern, but List is turned off since there's no need for other users to see that it exists.

drupal92037’s picture

drupal92037 commented

I figured it out (I think) by trial & error. The difference is that if you select "Ignore", then the access depends on any other access mechanism you've set up. For example, if you set up permission for a user w/ specific role to be able to edit a content type, then using "Ignore" will defer to that mechanism. If you had set "Deny," then it'll deny access regardless of what other access mechanisms allow it.