Access allows you to control what different users can do in the WordPress admin and what they can read on the front-end. You can set access rules for user types and for specific users.
Access also manages user access to post field groups, Toolset forms, WPML, and WooCommerce.
Managing Access Control for Posts, Pages and Custom Post Types
Access controls for posts, pages, and custom post types look like this:
To allow Access to manage that content type, click on the Managed by Access checkbox at the top of each section and then on the Save button for that post type. Note that custom post type sections feature two additional options for managing their access control, as displayed in the following image.
The additional options are the following;
- You can set the custom post type to use the same read permission as regular Posts.
- You can use the default WordPress read permissions for the custom post type.
After selecting how the post type is managed, you can select the checkboxes to choose what operations different users can do. The ones selected by default are the standard WordPress permissions. The privileges that you can select are:
- Read – read the content on the front-end
- Edit own – create new content and edit the content that each user has created
- Delete own – delete the content that each user has created
- Edit any – edit content created by other users
- Delete any – delete content created by other users
- Publish – public content
- Preview any – preview the content before it’s published
To grant privileges to specific users, click on the user icon and start typing the username in the dialog’s text field. Access will auto-complete and let you select users.Please note that when a static page is set as a Blog page on the WordPress Settings page, Access cannot apply permissions to that page, as it becomes an archive and is not a standard page anymore.
Access control for comments
The Access plugin allows you to control which comments user roles are able to moderate. The workflow is a bit different for standard Posts and custom post types.
Comments for the standard Posts type
To control permissions for moderating comments, you need to make sure to select that Posts are managed by Access. For a user role to be able to edit its own comments it needs to have the Publish and Edit own capabilities for Posts. For a user role to be able to edit all comments it needs to have the Publish and Edit any capabilities for Posts.
Comments for custom post types
To control permissions for moderating comments, you need to make sure to select that your custom post type and the standard Post and Pages are all managed by Access. For a user role to be able to edit its own comments it needs to have the Publish and Edit own capabilities for that custom post type and the standard Posts. For a user role to be able to edit all comments it needs to have the Publish and Edit any capabilities for that custom post type and the standard Posts.
Choosing what to Display When Read Access is Denied
The “read” privilege is specific. When you disallow reading, you can choose what to display for users without access.
Selecting default error display for all user roles
For any post type controlled by Access, you can select a default content to show when read access is denied.
Selecting error display for a specific user role
You can also specify what to display when read access is denied for a specific user role. The icon to edit these options appears when you deselect the read permission for a given role.
Options for error display
When selecting what to display when a user has no read access, you can choose from the following options.
- Default error, the one selected for all user roles.
- A 404 page, indicating that this content does not exist.
- The current page, displayed using a specified template layout, or a Content Template (only if you are not using Layouts).
Selecting error display for archive pages
For custom post types, which do not include Pages and Media, you can also select what to display on the archive page for user roles without the read permissions. You can choose from the following options for archive pages:
- Display the “No posts found” message.
- Choose a different PHP template to render the contents. This option is available if Views and Layouts plugins are not active.
- Choose a layout for displaying the error. This option is only available if the Layouts plugin is active. You also need to have at least one Template Layout created.
- Choose a WordPress Archive to display the error. This option is only available if the Views plugin is active and the Layouts plugin is not. You also need to have at least one WordPress Archive created with Views.
Previewing what users without permission see
In the dialog box for selecting what users without permission see, there is a Preview error for POST_TYPE link. POST_TYPE is the name of the respective post type you are editing. Clicking it displays a page belonging to the Post type, and automatically “simulates” the selected user role and a post belonging to the related post type. Please note that the preview only works for administrators. Additionally, the related post type needs to have at least one existing post.
Managing Access Control to Taxonomy
Access control for taxonomy, including tags, categories and all custom taxonomy, looks like this:
Similarly to post types, to enable access management for taxonomy, you must click on the Managed by Access checkbox. Taxonomy access management includes another option, called “Same as Category”. When selected, the access rules are set according to the settings for WordPress built-in Categories. For example, it will mean that the taxonomy is available when categories are. Please note that this option is only available if the taxonomy belongs to a single post type, or all post types that have this taxonomy have the same access rules. The privileges that you can select for taxonomy are:
- Manage terms – access the taxonomy terms list
- Edit terms – edit any term
- Delete terms – delete terms
- Assign terms – assign terms to their respective post types
You can also grant taxonomy access privileges to specific users, by clicking the user icon and entering their names in the search text field.
Access permissions for feeds
The Access plugin features a new logic for controlling the WordPress feeds’ visibility on the front-end. The permissions you assign to the specific user role for a specific contents (post types) are also used to control the visibility of those contents in the feeds on the front-end. For example, if you restrict users with the role guest (i.e. the ones not logged in), not only will they be restricted from viewing certain contents on the front-end but those contents also will not appear for them in the feeds.
- Allow users to manage their items
- Restricting access to pages
- Create users and assign them the roles you created
- Grant Privileges to Content Managers
- Setting up Custom Roles for Members
- Creating a “My Account” Page
- Controlling Access to Front-End Forms
- How to Reset Access Settings
- Access Control for Contents Inside Page Content
- Access Control for Fields