entity_access_by_role_field

Feature Overview

• Provides a "Role access" field to determine access permissions per fielded entity by selected roles
• Selected roles can be allowed or denied access per entity
• Fallback behavior, if no role is selected, can be defined per field
• Entity access can be defined by allowed operation (view,edit,delete)
• Setting "View Unpublished" also allows access on unpublished entities if desired
• Access check can be skipped by global permission for permitted roles

Initially based on Entity Access by Role by Shamrockonov. Thank you very very much, @Shamrockonov. We finally decided to split this module off.

Reasons for split-off-fork:

We decided to split this module of due to large code refactorings and missing maintainer response. Perhaps this will one day land in a 2.x entity_access_by_role module, but due to changes in the field schema the upgrade path might become complicated.

Screenshots

Field Settings:

Widget Settings:

Views support

This module implements hook_entity_access() to dynamically calculate entity access permissions. Due to the complex logic it doesn't implement hook_query_TAG_alter().
So Views may display entities, which are "Access denied" for the users! Take care, in some combination this may lead to information disclosure for such Views contents (e.g. seeing the label you should not see).

Until the core issue (#777578: Add an entity query access API and deprecate hook_query_ENTITY_TYPE_access_alter()) is fixed, you may try the views_entity_access_check module if you're running into such cases:
https://www.drupal.org/project/views_entity_access_check
And please help to push a core solution in the linked issue.

Debugging permissions / entity access

For debugging permissions on entities, the following modules can be helpful:

1. Devel
2. Web Profiler
3. Drush Tools
4. Masquerade

Alternative modules:

• https://www.drupal.org/project/access_policy seems very powerful but also complex
• Role Access Control
• Entity Access by Role
• Entity Access by Reference Field
• Private Entity
• Personal Access Restriction
• Content Access
• Node View Permissions
• Access Policy

Need to define access based on referenced entities instead?

Try our Entity Access by Reference Field module, which is based on the code and knowledge from this module to implement functionality similar to what we knew from Node access node reference and Node access user reference but that have no Drupal 8+ release.

Supporting this module

Support DROWL's ♥ FOSS work on this module on OpenCollective!

Drupal and this module are FOSS. However, it takes dedicated people to develop and maintain. And they need YOU to give back!

We're committed to building and maintaining Drupal modules that benefit the entire community.

Supporting us on OpenCollective helps us continue to improve, innovate and contribute to Drupal's future. Every pledge makes a difference!

If this module has helped you, we would be very grateful for your donation to support its further development and maintenance.

Support our FOSS development ♥️

You can also speed up the development of features or bugfixes you'd love to see, by sponsoring and giving back!

Sponsor a feature or bugfix 🚀

Let's make Drupal even better, together!

Development proudly sponsored by German Drupal Friends & Companies:

webks: websolutions kept simple (https://www.webks.de)
and
DROWL: Drupalbasierte Lösungen aus Ostwestfalen-Lippe (OWL), Germany (https://www.drowl.de)