Access plugin allows you to control which sections different user roles can reach in the WordPress admin. You will be able to create your own custom roles and choose exactly what administration capabilities they have on the site.
Roles in WordPress are groups of users. Each user belongs to a role.
The roles that come with WordPress are administrator, editor, author, contributor and subscriber. Different roles offer different sets of capabilities.
When you create an administrator user, that user can do anything in the site. Subscriber users have no admin privileges. In between them, editor, author and contributor have varying degrees of capabilities in the WordPress admin.
Different plugins and themes often create their custom roles, to allow access to admin features that they create.
Access plugin lets you create your own custom roles and manually set its capabilities.
The roles management is located in the Toolset -> Access Control page, on the Custom Roles tab. Click Add a new role and enter the role’s name.
|Click on Add a new role||Enter role’s name|
Your newly created role always starts with no capabilities, unless you select to copy privileges from an existing role. In this case, it derives the capabilities from the selected role.
After you add some custom roles, the listing page is similar to this screenshot:
The roles table has a specific ordering, which is as following:
- Administrator (WordPress default administrator role, which has all capabilities)
- Super administrators (in multisite installations only)
- Custom roles with administrator capabilities
- Editors (roles who can edit any posts)
- Authors (roles can edit only own posts)
- All other roles
- Guest (this indicates the logged out user and is listed only in permission tables)
When you create a new role, whether or not you select to copy privileges from an existing role, you can edit the permissions of the new role. Click on Change permissions to see a list of all the available capabilities (things that a user can do) in the WordPress admin.
|Click on Change Permission||List of available capabilities|
The list is long, as it represents every single action, available in your site’s admin.
If you are using WPML or WooCommerce plugins, you will see the capabilities for these plugins at the end of the list.
You can change the capabilities of custom roles that you have created with Access and see the capabilities of the built-in roles.
Access has functionality that allows other plugins to add roles to users. This means that users can have multiple roles in addition to the one defined in Access.
By default, Access allows you to set permission only for the roles defined using the plugin. This means that, by default, you cannot change permissions for the standard user roles that come built-in with WordPress and the special ones that are created by other plugins. A good example of such special role is the Shop Manager role defined by the WooCommerce plugin.
If you need to change these roles, you can enable their customization by clicking the Enable advanced mode button.
Access allows you to assign multiple roles to a single user. For example, the same user can have the Editor and Shop Manager roles at the same time.
To assign additional roles to a user, edit them from the Users page in the WordPress admin. Find the Role option and click the I want to add more roles to this user link.
Please note that currently, only Toolset Access and Toolset Types support multiple user roles. Third-party plugins that don’t yet support this feature will simply use the user’s first, original role.
If a user has list_users and promote_users capabilities, they can change roles for all users. This includes the ones with higher user roles than themselves. If you want to prevent this behavior you have to:
- Go to the Toolset -> Settings page and click the Access tab.
- Check the Do now allow users to view and modify other users with higher privileges option.