Private content

In this tutorial, we're going to use the Access Policy module to create a policy that makes content private while also granting certain users the ability to view the content.

Step by Step:

Step One: Add the "Grant access to users" field 

Access Policy allows you to use almost any field to control access to content. In this example, we are going to add a user entity reference field to a node.

1. Add a User entity reference field to the Basic page.
2. Set the label to "Grant access to users"
3. Set the allowed number of values to Unlimited.
4. Uncheck "Include the anonymous user"
5. Click Save settings.

Step Two: Create the access policy

Now let's create an Access Policy to tell Drupal what we want it to do with that new field. 

1. If you haven’t already, download and install the Access policy module.
2. Enable the access_policy_ui sub module.
3. Go to /admin/people/access-policies
4. Add a new Access policy called "Me only"
5. Click Manage operations 
6. Uncheck all checkboxes in the Permission column and click Save operations.
7. Click Add access rule
8. Click the checkbox next to "Authored by current user" and click Add and configure.
9. Leave all the default options and click save.
10. Add another access rule.
11. Click the checkbox next to "Grant access to users field has reference to current user" and click Add and configure.
12. Under Empty behavior choose "Deny"
13. Under operation constraints uncheck everything except for "View"
14. Click save 
15. Change the Validation operator to "Any" 
16. Save the policy.
17. Go to Manage selection 
18. Click Add selection rule
19. Click the checkbox next to "Authored by current user" and click Save and configure.
20. Leave all default options in place and click save. 
21. Save the policy.

Step Three: Set selection mode to Manual

A document-style approach to assigning access works really well in a case like this. So let's turn on "Manual" mode so that we can assign access from an "Access" tab. 

1. Go to /admin/people/access-policies
2. Click Content settings 
3. Under Selection mode choose "Manual" 
4. Set Default policy to "First available" 
5. Leave all the other settings in place and click save. 
6. Some new settings have now been exposed in your access policy, let's edit them now.
7. Edit the Me only access policy again.
8. Set the description to: "Only you and the users below have access to this content."
9. Edit the access rule "Grant access to users field has reference to current user"
10. Open Access tab settings and click "Show widget" and set the Field widget display to "Autocomplete"
11. Save the policy.

Step Four: Using the Access policy

Now every node that you create will automatically be set to "Me only" and only you, the original author, will be able to view it. You can allow 
others to view it by going to the Access tab and adding their user name to the "Grant access to users" field. 

1. Create a new Basic page.
2. Note that the "Grant access to users" field is not displayed on the node edit field. That's because it's being hidden by Access policy.
3. Save the Basic page. 
4. Click the Access tab next to Edit 
5. The content has already been assigned to Me only and the Grant access to users field is visible.