direct-access-raises-list-access-filters
IN premise
API functions for single-node access (`show_node`, `explain_node`, `trace_assumptions`) raise `PermissionError` on forbidden nodes, while list/export functions (`list_nodes`, `search`, `export_network`) silently exclude them from results.
Summary
When you ask about a specific node by name, the system will block you with an error if you're not allowed to see it. But when you browse or search, forbidden nodes simply don't appear in the results — you won't even know they exist. This means the access control behaves differently depending on whether you're doing a targeted lookup versus a broad query, which matters for how callers should handle permissions.
Details
| Source | entries/2026/04/29/tests-test_access_tags.md |