How to configure permissions for use with TAC

This document summarizes permissions you should be aware of when configuring your site for use with Taxonomy Access Control (TAC). Permissions are sorted by the section of admin/user/permissions where they are listed.

Node module (admin/user/permissions#module-node)

• access content: Check in almost all cases. TAC cannot grant permission to view content if this is unchecked.
• administer nodes: Uncheck in most cases. This permission overrides TAC, so roles with this permission cannot be controlled using TAC's permissions.
• create [type] content: Check for roles that should be able to create content. TAC's Add tag permission can then restrict which terms the role may use. If this is unchecked, users will not be able to create nodes.
• delete any [type] content: Uncheck in most cases. If checked, it will override TAC and give the role global delete permission in that type, regardless of TAC permissions.
• edit any [type] content: Uncheck in most cases. If checked, it will override TAC and give the role global edit permission in that type, regardless of TAC permissions.

Taxonomy module (admin/user/permissions#module-taxonomy)

• administer taxonomy: Uncheck in most cases. If checked, it will override TAC and grant the role View tag and Add tag permissions for all terms, regardless of TAC's configuration.

User module (admin/user/permissions#module-user)

• administer permissions: Check for roles that should be able to administer TAC. (Note: if you are interested in having a separate, less global permission for TAC administrators, see #89102: Add "Administer Taxonomy Access Control" option in Access Control ("permissions").)