Drupal is a registered trademark of Dries Buytaert
cms 2.1.3 Update released for Drupal core (2.1.3)! drupal 10.5.11 Update released for Drupal core (10.5.11)! drupal 11.3.11 Update released for Drupal core (11.3.11)! drupal 11.2.13 Update released for Drupal core (11.2.13)! drupal 10.6.10 Update released for Drupal core (10.6.10)! cms 2.1.2 Update released for Drupal core (2.1.2)! drupal 11.1.10 Update released for Drupal core (11.1.10)! drupal 10.5.10 Update released for Drupal core (10.5.10)! drupal 10.4.10 Update released for Drupal core (10.4.10)! drupal 11.2.12 Update released for Drupal core (11.2.12)! drupal 11.3.10 Update released for Drupal core (11.3.10)! drupal 10.6.9 Update released for Drupal core (10.6.9)! drupal 10.6.8 Update released for Drupal core (10.6.8)! drupal 11.3.9 Update released for Drupal core (11.3.9)! drupal 11.3.8 Update released for Drupal core (11.3.8)! drupal 11.3.7 Update released for Drupal core (11.3.7)! drupal 11.2.11 Update released for Drupal core (11.2.11)! drupal 10.6.7 Update released for Drupal core (10.6.7)! drupal 10.5.9 Update released for Drupal core (10.5.9)! cms 2.1.1 Update released for Drupal core (2.1.1)!
← All modules

target_audience

No security coverage
View on drupal.org

Target Audience lets you restrict who can view or edit any Drupal entity by adding one reusable field. Pick roles, individual users (by email), or groups, and grant view and/or edit per target.

Out of the box, Drupal decides access mainly through roles and permissions. That is great for site-wide rules, but it is hard to say "only these specific people, or members of this group, may see or edit this item." Target Audience solves that: you add a single Target audience field to a content type (or any other entity type), and editors choose the audience right on the edit form. If you leave it on All (everyone), the content stays public and nothing changes. As soon as you pick a role, a user, or a group, only that audience can reach the content — everyone else is blocked, and restricted content never shows up in listings, search, or anywhere else on the site.

Features

  • Reusable field type — add a "Target audience" field to nodes or any fieldable entity type via the normal Field UI.
  • Three audience kinds — target by role, by individual user (entered by email address), or by group (when the Group module is installed).
  • Per-target view and edit — each row independently grants view and/or edit, so you can let some people read while others can also change the content.
  • Public by default — every field defaults to "All (everyone)". Enforcement only starts once a specific audience is chosen, so adding the field never accidentally hides existing content.
  • Real, query-level security for nodes — uses Drupal's node grants system, so restricted nodes are hidden everywhere: canonical page, Views, search, and other listings — not just on the node page.
  • Works on other entity types — non-node entities are enforced at runtime via entity access checks.
  • No data leakage — the field is visible and editable only to users with the "Administer target audience access" permission, and it renders nothing on the front end, so the audience list is never exposed on forms, view modes, REST, or JSON:API.
  • Configurable per field — choose which target types are allowed and, when Group is enabled, which group types editors may select.
  • Administrator bypass — users with the module permission (or core's "Bypass node access") are never locked out.

Typical use cases: sharing a document with a named list of people, limiting a page to one or more groups, giving a review team edit access to specific content, or building simple "private to selected users" content without writing custom access code.

Post-Installation

There is no central settings page — Target Audience works through a field you add yourself.

  1. Enable the module and grant the Administer target audience access permission to the roles that should manage audiences (Administration » People » Permissions).
  2. Go to the bundle you want to protect (for example Structure » Content types » Article » Manage fields), add a new field of type Target audience, and set its cardinality to Unlimited so several targets can be added.
  3. In the field settings, choose which target types are allowed (role, user, group) and, when Group is installed, which group types may be selected.
  4. The default form/view displays are fine as-is: the widget shows on the edit form (to permitted users) and the field renders nothing on display.
  5. Edit a piece of content. Leave the audience on All (everyone) to keep it public, or add rows targeting roles, users (by email), or groups and tick view and/or edit. Save — access takes effect immediately.

For nodes, the module registers node access grants automatically. If you add the field to content that already exists, you may want to rebuild node access permissions once (Administration » Reports » Status report) so existing nodes pick up the new grants.

Additional Requirements

None beyond Drupal core. The module depends only on the core Field and User modules. Node and Group integrations are optional and are detected automatically — neither is required for the module to work.

Recommended modules/libraries

  • Group — enables the "group" target type so you can grant access to the members of specific groups.
  • Node (core) — when present, restricted content is enforced through node access grants for full query-level protection.

Similar projects

  • Page Access and other node-only access tools restrict nodes specifically. Target Audience is a field you can attach to any entity type, stores per-target view/edit, supports user-by-email and group targeting, and hides the audience data from non-administrators.
  • Permissions by Term restricts access based on taxonomy terms on content. Target Audience instead targets concrete roles, users, or groups chosen directly on the entity.
  • Content Access sets per-node-type and per-node access by role. Target Audience adds individual users and groups, separate view/edit per target, and support for non-node entity types.

Supporting this Module

Contributions, issues, and merge requests are welcome on the project's issue queue.

Community Documentation

See the module's README for a quick-start guide and the security model.

Activity

Total releases
1
First release
Jun 2026
Latest release
12 hours ago
Release cadence
Stability
100% stable

Releases

Version Type Release date
1.0.0 Stable Jun 17, 2026