Override Node Options
Provides granular permissions for node publishing options and authoring information fields, allowing non-admin users to control specific node options.
override_node_options
Install
composer require 'drupal/override_node_options:8.x-2.9'
composer require 'drupal/override_node_options:8.x-2.6'
Overview
The Override Node Options module extends Drupal's permission system to provide fine-grained access control for fields within the "Authoring information" and "Publishing options" fieldsets on node add/edit forms. By default, Drupal restricts access to these options to users with the "administer nodes" permission, which grants extensive administrative capabilities.
This module solves the common problem where site builders need to give editors limited control over specific node options (like publishing status or sticky settings) without granting full node administration access. It creates a dedicated permission for each node option, which can be assigned to roles independently.
The module supports two permission modes: general permissions that apply across all content types, and content type specific permissions for more granular control. Both modes can be enabled simultaneously, allowing flexible permission configurations such as "all editors can set sticky status on any content" combined with "only blog editors can change the author on blog posts."
Features
- Granular permissions for the Published status field - control who can publish/unpublish content without full admin access
- Granular permissions for the Promote to front page option - allow specific roles to feature content
- Granular permissions for the Sticky at top of lists option - delegate sticky settings to content editors
- Granular permissions for the Create new revision checkbox - control who can decide whether to create revisions
- Granular permissions for the Revision log message field - allow editors to document changes
- Granular permissions for the Authored by field - control who can change content authorship
- Granular permissions for the Authored on date field - control who can modify creation dates
- Support for general permissions that apply to all content types at once
- Support for content type specific permissions for fine-grained control per bundle
- Compatible with Views Bulk Operations for bulk publishing/unpublishing content
- Clean architecture with interface-based access override system
Use Cases
Allow editors to publish content without admin access
A common scenario where content editors need to publish their own content but should not have full 'administer nodes' permission. Enable the module, then assign 'override all published option' (or content type specific variants) to the Editor role. Editors can now toggle the Published checkbox without access to other administrative functions.
Delegate sticky/promote decisions to content managers
Site has content managers who should decide which content appears on the front page or is sticky. Assign 'override all promote to front page option' and 'override all sticky option' permissions to the Content Manager role. They can now feature content without broader administrative access.
Control revision creation per content type
Different content types have different revision requirements. For Article content that requires strict revision tracking, don't grant revision override permissions to editors. For simple Page content, grant 'override page revision option' so editors can decide whether to create revisions. This provides flexibility while maintaining audit trails where needed.
Allow bulk publishing/unpublishing from content overview
When combined with the content overview page, users with the appropriate published option permissions can use bulk operations to publish or unpublish multiple nodes at once. This is tested in the module's BulkFormTest and works with Views Bulk Operations.
Let specific roles change content authorship
In some workflows, one person creates draft content that another person will be credited as author. Grant 'override [type] authored by option' to allow changing the Authored by field. This is useful for ghostwriting scenarios or when migrating content attribution.
Backdate content for imported or migrated articles
When importing content or reconstructing historical records, editors may need to set accurate creation dates. Grant 'override [type] authored on option' to allow modification of the Authored on date field.
Tips
- Both general and specific permissions can be enabled simultaneously. When a user has both 'override all published option' and 'override article published option', either permission grants access - they work with OR logic.
- Permissions are dynamically generated based on existing content types. After creating a new content type, the specific permissions for it are immediately available without clearing caches.
- Users with 'administer nodes' permission bypass all override checks and have full access to all node options. This module is specifically for users who should NOT have that permission.
- The module only affects node add/edit forms. It does not create permissions for other entity types or affect access to nodes themselves (view/edit/delete).
- When using Views Bulk Operations, ensure users have the appropriate permissions for the bulk actions they need to perform. The published option permission allows both the 'Publish' and 'Unpublish' bulk actions.
Technical Details
Admin Pages 1
/admin/config/content/override-node-options
Configure which types of permissions the module should generate. You can enable general permissions (applying to all content types) and/or content type specific permissions (one set per content type). Changes take effect immediately and affect which permissions are available on the Permissions page.
Permissions 14
Hooks 2
hook_form_alter
Used to grant access to the revision checkbox on node forms based on user permissions
hook_entity_field_access_alter
Used to override field-level access for node fields like status, promote, sticky, uid, created, and revision_log
Troubleshooting 4
Check the module settings at /admin/config/content/override-node-options. Ensure either 'General permissions' or 'Specific permissions' (or both) checkboxes are enabled. Clear the site cache after changing these settings.
Verify the user does NOT have 'administer nodes' permission, as the module's access checks only apply when that permission is absent. Also verify the field is not hidden by display mode configuration.
Ensure 'Specific permissions' is enabled in module settings. The permissions are generated dynamically from NodeType::loadMultiple(), so they should appear for all existing content types. Try clearing caches with drush cr.
Ensure the user has the appropriate override permission (e.g., 'override article published option' for unpublishing articles). The module integrates with entity access checks used by bulk operations.
Security Notes 3
- This module follows Drupal's permission system and uses AccessResult for all access decisions, ensuring proper cacheability and security.
- Access checks only affect users who do NOT have 'administer nodes' permission. Users with that permission have full access regardless of override permissions.
- The module is covered by Drupal's Security Advisory policy (security coverage: covered), indicating it has been reviewed for security best practices.