Fine tune user permissions in WordPress with the Members plugin
We have previously discussed how WordPress handles what a user can and can’t do; you can read all about it here. In short, WordPress categorizes users into six roles and assigns each one a selection from the 60 default capabilities. Each capability allows a certain action and, naturally, the more capabilities a user has, the more they can do on the site.
Today we’re going to take a look at yet another plugin that can help you fiddle with the default capabilities assigned to each role, or even create new roles for your site.
Members is a role & capability editor for WordPress with some interesting features. Apart from allowing you to edit capabilities on existing roles, it allows you to clone existing roles and modify them to suit your needs, give multiple roles to one user, control which content a user can access based on their role, and even make your entire site & feed private.
Let’s start by taking a look at the plugin’s settings page, located under Settings > Members.
All options are pretty self-explanatory. The default ones allow for role & capability editing and for restricting content access based on user role. If you are interested in using login widgets or making the site and feed private, you can check the appropriate options above.
Modifying an existing role
We’re going to assume in our example that you are running a news site complete with contributors, authors and editors, but for your own reasons would like to remove the editors’ ability to delete other people’s posts. To achieve this, navigate to Users > Roles and click the Edit link below the editor role.
You will be presented with the edit role screen. In the panel listing all of the role’s capabilities, select Posts in the sidebar and uncheck the Delete Others’ Posts capability as shown below.
Click the Update button on the right and you are done. Editors on your site can no longer delete posts made by other people.
If you don’t want to mess with the default WordPress user roles (leaving them untouched is a good idea), you can click the Clone link under the editor role in Users > Roles. This will clone the editor role. To remove the capability, follow the same steps as before. One additional thing you’ll want to take care of is the role’s name. By default your new role will be named after the original one with Clone appended to its name. Just replace the default name with the one you prefer.
To assign the new role to a user, navigate to Users > All Users, edit the user and scroll all the way down to Roles. Swap the Editor role for the Editor Restricted one and update the user.
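The same clone-and-restrict change can also be made in code with WordPress’s core role API, which keeps the role definition reproducible and checks that the removed capability stays removed. This is an added example, not code from the Members plugin or from the original article; the slug editor_restricted and the example_ names are assumptions, and it must run inside WordPress (for instance with wp eval-file or from a plugin activation hook).

```php
<?php
// Added example (not Members plugin code). Run inside WordPress.
// Assumptions: slug 'editor_restricted' and the example_* names are hypothetical.
const EXAMPLE_ROLE_SLUG   = 'editor_restricted';
const EXAMPLE_ROLE_NAME   = 'Editor Restricted';
const EXAMPLE_DENIED_CAPS = array( 'delete_others_posts' );

function example_sync_restricted_editor() {
	$editor = get_role( 'editor' );
	if ( null === $editor ) {
		return new WP_Error( 'no_editor_role', 'The editor role does not exist.' );
	}

	// Desired set: every capability granted to editor, minus the denied ones.
	$wanted = array_diff_key(
		array_filter( $editor->capabilities ),
		array_flip( EXAMPLE_DENIED_CAPS )
	);

	$role = get_role( EXAMPLE_ROLE_SLUG );
	if ( null === $role ) {
		// Roles are stored in the database, so creation happens only once.
		$role = add_role( EXAMPLE_ROLE_SLUG, EXAMPLE_ROLE_NAME, $wanted );
		if ( ! $role instanceof WP_Role ) {
			return new WP_Error( 'role_not_created', 'Could not create the role.' );
		}
	} else {
		// Reconcile an existing role so it cannot drift from the desired set.
		foreach ( array_keys( $role->capabilities ) as $cap ) {
			if ( ! isset( $wanted[ $cap ] ) ) {
				$role->remove_cap( $cap );
			}
		}
		foreach ( array_keys( $wanted ) as $cap ) {
			$role->add_cap( $cap );
		}
	}

	// Fail loudly if a denied capability is still granted.
	foreach ( EXAMPLE_DENIED_CAPS as $cap ) {
		if ( get_role( EXAMPLE_ROLE_SLUG )->has_cap( $cap ) ) {
			return new WP_Error( 'cap_still_granted', "Role still has {$cap}." );
		}
	}
	return get_role( EXAMPLE_ROLE_SLUG );
}

$result = example_sync_restricted_editor();
echo is_wp_error( $result ) ? $result->get_error_message() : 'Role synced: ' . $result->name;
echo "\n";
```

Re-running the function resets the restricted role to the editor’s capabilities minus the denied list, so any manual changes made to that role on the Users > Roles screen are overwritten.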
Creating a new role
Now we’ll create a new role. As an example, we will create an order manager for our shop. Users with this role will only be able to view and handle orders, nothing more. First we will create a new role by going to Users > Add new role. We’ll name the role Order Manager. By default the only capability this user role will have is Read under general. Move to the Posts tab and add the Edit Posts capability, then go to the Orders tab, grant all order-related capabilities and add the role by clicking the button on the right. Now assign the role to a user and you are done.
To make the content of a post unavailable to certain users, edit the post and scroll down to the Content Permissions metabox.
Let’s say you have an announcement to make that only concerns users with the author role and above. Just check the Author box and update the post. Now visitors, subscribers, and contributors won’t be able to see it. This can be useful if you run some sort of a subscription service and have posts that are only aimed at subscribers. You can create a new role and restrict the content of your posts to that role so only subscribers can read them.
Hopefully the above will help you better utilize the Members plugin to fine-tune user roles and capabilities on your site and overall give you a better grasp on how this system works!