Limiting node access: three quick'n'easy tools

30 Aug 2008

There are several easy, handy modules for limiting access to specific nodes. I always have trouble keeping three of my faves straight – partly because they all start with "P" – so here I'll write them down for my reference and yours. (Note: I'm talking Drupal 5.x.)

The three easy P's

"What's the password, Bub?": Protected Node module

This module adds a 'Protected node' item to your node edit forms; if you want to password-protect the node, just hit the 'Node is protected' checkbox, and enter a password. (Passwords are on a per-node basis; you don't set a global password that'll take care of all protected nodes.) There's even a JavaScript-based password quality checker.

On the Access control form, you choose whether to grant a role any access at all to the protected node; those without that access permission head to your "access denied" page. So you get two levels of protection (am I writing a deodorant commercial?): a password needed for any role to view the node, and role-based permission that can prevent a role from even seeing the password input form.

Note: On the Modules form, Protected Node shows up way at the top under "Access", not later under "Other".

http://drupal.org/project/protected_node

"Members Only!": Private module

The Private module adds a simple 'Private' checkbox to a node's edit form. Check it, and the node can be viewed only by the node's author and by roles with the right permissions. Other users get your "access denied" page. 

You set permission to view private-marked nodes via the "Access Control" form, of course. This is a global permission; roles with view permission can view all private-marked nodes. The module doesn't grant the ability to set viewing permissions on a per-node basis.

A good use for this module is to restrict some nodes from anonymous (non-logged-in) users, creating "members only" pages. (You could also grant anonymous users permission to view private nodes, but giving everybody viewing permission makes the module useless! Go ahead and discriminate!)

http://drupal.org/project/private

"Just one bite!": Premium module

This module places its "Access restricted for non-premium users" checkbox under the "Publishing options" item on a node's edit form. It provides a handy middle-ground between no access and Full Monty: roles without "access premium content" permission can see only the node's teaser, followed by a terse "Full text available to premium subscribers only". 

That makes it handy for any site in which everyone gets a sample of the goods, but only registered (which may mean paying) users get the whole thing.

As with the modules above, the permission is global: users with permission to access premium-marked content get to access all of it; there's no fine-grained control for setting role-based access on a per-node basis.

http://drupal.org/project/premium

Other modules

There are a lot more access-control modules out there, including heavy hitters like ACL and Content Access. See the big list at User access/authentication modules.

I like the above three, though, as light-weight solutions for smaller sites that don't require fine-grained access systems, just a quick way to keep certain nodes out of certain hands. Keep 'em handy in your toolbox!

Comments

Mike Hunter

I am looking to create a node access method to answer these specific needs:
1. My node represents a Business which is created by some super user.
2. This super user can now edit all of the Business fields.
3. This super user can now dynamically grant node specific access to the business staff members.
4. Business staff can only edit part of the node fields.
5. I would like to use existing (and reliable) modules if possible.

As simple as it may sound, I'm still not sure which method is the right one for me.
I am new to Drupal so I might be unaware of Drupal best practices.

That's why I want your help and knowledge. On my turn I'd like to suggest your using the best http://www.mp3hunting.com mp3 SE. Enjoy!

 

drupalace

It looks to me as if #1 and #2 are handled by general Drupal permission features. #3 should be workable with the fancy tools of the ACL and Content Access modules – both reliable, or at least I haven't heard of any big problems with them.

For #4, it appears you want to set permissions per field, not just per node. It's not an area of my experience, but there are some modules that look promising. First and foremost, Drupal 6 apparently builds the functions of the old CCK Field Permissions module into the CCK suite of modules. So if you have the CCK module(s) installed, there's a good first place to look.

These might also help:

Any luck?

drupalist

Drupal rocks. @mike hunter, the list of wishes to do, it's pretty easy; just search at Drupal specialized sites.

John cusac @ BTscene (http://www.btscene.com)

all natural energy

I was having some issues on how to make good use of this module, but now I'm able to restrict some nodes from anonymous (non-logged-in) users, creating "members only" pages.

Loi Scellier

Another alternative that worked for me is using the taxonomy access module. Take a look at this page for complete instructions: www.drupal.org/node/200631

This gave me greater flexibility.

drupalace

Thanks!

Let it never be said that Drupal doesn't offer multiple ways to get any job done!
