Access plugin allows you to control which sections different user roles can reach in the WordPress admin. You will be able to create your own custom roles and choose exactly what administration capabilities they have on the site.

About Roles and Capabilities

Roles for new user

 

 

 

 

Roles in WordPress are groups of users. Each user belongs to a role.

The roles that come with WordPress are administrator, editor, author, contributor and subscriber. Different roles offer different sets of capabilities.

When you create an administrator user, that user can do anything in the site. Subscriber users have no admin privileges. In between them, editor, author and contributor have varying degrees of capabilities in the WordPress admin.

Different plugins and themes often create their custom roles, to allow access to admin features that they create.

Access plugin lets you create your own custom roles and manually set its capabilities.

Creating Custom Roles

The roles management is located in the Toolset -> Access Control page, on the Custom Roles tab. Click Add a new role and enter the role’s name.

Click on Add a new roleEnter role’s name
new-role-step1new-role-step2

Your newly created role always starts with no capabilities, unless you select to copy privileges from an existing role. In this case, it derives the capabilities from the selected role.

Create a new role with the same privileges as an existing role
Create a new role with the same privileges as an existing role

 

Listing Custom Roles

After you add some custom roles, the listing page is similar to this screenshot:

Roles listing page
Roles listing page

 

The roles table has a specific ordering, which is as following:

  1. Administrator (WordPress default administrator role, which has all capabilities)
  2. Super administrators (in multisite installations only)
  3. Custom roles with administrator capabilities
  4. Editors (roles who can edit any posts)
  5. Authors (roles can edit only own posts)
  6. All other roles
  7. Guest (this indicates the logged out user and is listed only in permission tables)

Editing Capabilities for Your Custom Roles

When using the Yoast SEO plugin alongside Access, you are likely to run into problems when you give Post Edit rights to a custom user role that has permissions copied from the Guest one. In this case, the custom user role will not be able to access the Posts and Tools pages in the WordPress administration. Read more about this conflict and how to solve it on the related Errata page.

When you create a new role, whether or not you select to copy privileges from an existing role, you can edit the permissions of the new role. Click on Change permissions to see a list of all the available capabilities (things that a user can do) in the WordPress admin.

Click on Change PermissionList of available capabilities
change-permissions-linkchange-permissions-dialog

The list is long, as it represents every single action, available in your site’s admin.

If you are using WPML or WooCommerce plugins, you will see the capabilities for these plugins at the end of the list.

You can change the capabilities of custom roles that you have created with Access and see the capabilities of the built-in roles.

Standard WordPress user roles and the ones created by other plugins

Access has functionality that allows other plugins to add roles to users. This means that users can have multiple roles in addition to the one defined in Access.

By default, Access allows you to set permission only for the roles defined using the plugin. This means that, by default, you cannot change permissions for the standard user roles that come built-in with WordPress and the special ones that are created by other plugins. A good example of such special role is the Shop Manager role defined by the WooCommerce plugin.

Enable advanced mode
Enable advanced mode

If you need to change these roles, you can enable their customization by clicking the Enable advanced mode button.

Using multiple roles per user

Access allows you to assign multiple roles to a single user. For example, the same user can have the Editor and Shop Manager roles at the same time.

To assign additional roles to a user, edit them from the Users page in the WordPress admin. Find the Role option and click the I want to add more roles to this user link.

Adding more roles to a user
Adding more roles to a user

Please note that currently, only Toolset Access and Toolset Types support multiple user roles. Third-party plugins that don’t yet support this feature will simply use the user’s first, original role.

Prevent modifying users with higher privileges

If a user has list_users and promote_users capabilities, they can change roles for all users. This includes the ones with higher user roles than themselves. If you want to prevent this behavior you have to:

  1. Go to the Toolset -> Settings page and click the Access tab.
  2. Check the Do now allow users to view and modify other users with higher privileges option.

Do not allow users to view and modify other users with higher privileges
Do not allow users to view and modify other users with higher privileges