Drupal core provides very simple access control for content: published or not published. Through the use of the Node Access API, it is possible to create much more fine-grained and complex systems to determine whether or not a user should be able to see, edit, and delete content on the site. The database API makes it relatively simple for a module developer to make sure that her module respects the access system.
For module developers who wish to create their own access systems, there are a few additional functions that you must understand and use. Fortunately, even those are not overly complex. Basing your custom module on the Private module will provide an easy way to get up and running quickly with site-specific node access rules.
Was this article helpful?