Using Drupal’s built-in node grants and realm access system, you can control which users or user roles can perform different operations such as view, update, and delete on a per node basis. You can apply similar access control to non-node entities via access hooks.
This session will take a look into how access control works in Drupal, methods and techniques to customize access control, and things to look out for when dealing with access control in general.
What are Node Grants and Realms?
How to create Node Grants and Realms
How to deny Node access
How to control access for non-node entities
Alternative methods to control access based on referenced content
Gotchas with access control