Control Who Can View Drupal Nodes: Taxonomy Access Control


In another tutorial this week, we talked about a major hole in Drupal’s permissions system.

The hole is that Drupal allows you to control who can create, edit and delete content but not who can view it.

Because this problem impacts a lot of sites, there are a lot of available solutions. In that other tutorial, we recommended the Content Access module. In this tutorial, we’re going to recommend the Taxonomy Access Control module.

What’s the difference?

  • Content Access works best if your user roles closely match your content types.
  • Taxonomy Access Control works best if you have a more complicated permissions system and one that doesn’t closely match your content types.

Using the Taxonomy Access Control Module

Here’s the example we’re going to use in this tutorial.
  • On this screen we have 5 content items, all of the same content type.
  • Each content item is tagged with the appropriate state. For example, San Francisco is tagged with “California”.
  • We want to deny anonymous users the ability to view items from some states.

Here’s how we use Taxonomy Access Control to solve this problem.


  • You’ll see a message saying, The content access permissions have been rebuilt.
  • Go to Configuration > Taxonomy Access Control.
  • You’ll see that you have options for each user role. Click “edit access” rules next to anonymous user.


You’ll now see the main Taxonomy Access Control page. Here’s how to understand the page:

  • You add the tags on the left.
  • You look for the permissions across the top.


First, let’s add the tags:

  • Under New, choose a tag.
  • Click Add.
  • Repeat until you’ve chosen all the tags that you want to control access for.

Now let’s look across the top of the page:
Here are 5 new permissions that Drupal doesn’t have by default:
  • View: can the user see nodes with this term?
  • Update: can the user edit node with this term?
  • Delete: can the user delete nodes with this term?
  • Add: can the user add this term to a node?
  • View: can the user see the term when looking at a node?

Now that we’ve seen both the left and the top of the page, we can start to apply permissions.

For each permssion, you choose the setting for each tag. Here’s what the labels A, I, D mean:

  • A: people in this user role (in this case, anonymous) have this permission (in this case, View)
  • I: people in this user role have the same permissions as the default setting above
  • D: people in this user role do not have this permission.

So, if we the permissions as in the image below, anonymous users can view content tagged with Texas and Washington but they can’t view content tagged with California or Georgia.


Look back up to the image at the start of this tutorial. Here’s how that screen now appears to anonymous users.




  • Steve Burge

    Steve is the founder of OSTraining. Originally from the UK, he now lives in Sarasota in the USA. Steve's work straddles the line between teaching and web development.

0 0 votes
Article Rating
Notify of

Newest Most Voted
Inline Feedbacks
View all comments
11 years ago

Be careful applying permissions control modules as they can fight each other if you have more than one enabled. Drupal will ultimately grant permissions if any of the permissions modules says to, even if another module says no.

10 years ago

It looks really simple, but it don’t work on my site… I don’t understand why… The permissions in admin/people/permissions are always consider but not the permissions in the taxonomy control access module…
Somebody can help me ?

9 years ago

Successfully tested, be careful about authenticated user role hwo can affect other role given to a registred user.

5 years ago

2018, still works 😀 Thanks so much for this guide, it’s brilliant and easy to follow 🙂

5 years ago

Thanks for the tutorials. But I want to implement the same for some specific users, please help me out into this.

Would love your thoughts, please comment.x