James Williams Releases Autocreate Access: A Drupal Module for Smarter Tagging Permissions

James Williams, a senior developer, has announced the release of a new module on his blog post on ComputerMinds for Drupal called Autocreate Access, aimed at solving a long-standing issue with taxonomy term tagging in the content management system. The problem arose on a client project where Drupal’s autocomplete widget for taxonomy terms didn’t meet specific user access expectations.

Typically, Drupal’s “tags style” autocomplete widget lets users select existing taxonomy terms or create new ones directly from the input field. This works well for many use cases, but not for James’ client, who needed a stricter setup: site visitors should be able to choose from existing terms but not create new ones, while editors should retain the ability to do both, all through the same interface.

James explained in a blog post that, out of the box, Drupal doesn’t distinguish between user roles in this context.

"Many websites still want to allow easy free-tagging without having to think about permissions (or giving direct access to full standalone forms for creating terms). Changing that behaviour could break backwards-compatibility, which might not be worth the hassle of delivering a change within core"

That limitation prompted the need for a solution that would respect Drupal’s access controls more precisely.

The Autocreate Access module addresses this by tying the autocomplete tagging widget’s behaviour to Drupal’s existing role-based permissions for creating taxonomy terms — and, more broadly, other entity types. Once the module is installed, administrators can enable the feature per field by ticking a simple checkbox labelled “Respect access” in the field’s configuration page.

A screenshot shared in the blog post illustrates a typical use of the widget: a “News” tag already selected, with the user typing “Re” into the field and being presented with matching suggestions. Without the module, continuing to type a new term like “Restrictions” would create a new tag, even for users who technically shouldn’t have that capability.

Under the hood, the module works by intercepting how Drupal handles the #autocreate property in its entity_autocomplete form element. Normally, this property tells Drupal to automatically create a new entity if the typed value doesn’t match an existing one. James’ module adds a layer of logic that checks whether the logged-in user has the necessary permissions to create the relevant entity, typically a taxonomy term.

Although some might argue this should be default behaviour in Drupal core, James notes the potential complications in changing long-standing defaults. 

“Many websites still want to allow easy free-tagging without having to think about permissions,” he wrote. “Changing that behaviour could break backwards-compatibility.”

For now, the Autocreate Access module offers a clean, configurable workaround — one that gives developers and site builders more granular control over who can create terms, without compromising on usability.