diff --git a/modules/node/node.api.php b/modules/node/node.api.php
index bc2eb65b1733..1801b6734abc 100644
--- a/modules/node/node.api.php
+++ b/modules/node/node.api.php
@@ -256,7 +256,7 @@ function hook_node_grants($account, $op) {
  *
  * Note: a deny all grant is not written to the database; denies are implicit.
  *
- * @see node_access_write_grants()
+ * @see _node_access_write_grants()
  *
  * @param $node
  *   The node that has just been saved.
diff --git a/modules/node/node.module b/modules/node/node.module
index 2a4db4e88c3b..78be97df78f9 100644
--- a/modules/node/node.module
+++ b/modules/node/node.module
@@ -3328,7 +3328,7 @@ function node_access_acquire_grants($node, $delete = TRUE) {
     $grants = array_shift($grant_by_priority);
   }
 
-  node_access_write_grants($node, $grants, NULL, $delete);
+  _node_access_write_grants($node, $grants, NULL, $delete);
 }
 
 /**
@@ -3339,6 +3339,9 @@ function node_access_acquire_grants($node, $delete = TRUE) {
  * node_access can use this function when doing mass updates due to widespread
  * permission changes.
  *
+ * Note: Don't call this function directly from a contributed module. Call
+ * node_access_acquire_grants() instead.
+ *
  * @param $node
  *   The $node being written to. All that is necessary is that it contains a
  *   nid.
@@ -3354,7 +3357,7 @@ function node_access_acquire_grants($node, $delete = TRUE) {
  *   If false, do not delete records. This is only for optimization purposes,
  *   and assumes the caller has already performed a mass delete of some form.
  */
-function node_access_write_grants($node, $grants, $realm = NULL, $delete = TRUE) {
+function _node_access_write_grants($node, $grants, $realm = NULL, $delete = TRUE) {
   if ($delete) {
     $query = db_delete('node_access')->condition('nid', $node->nid);
     if ($realm) {