[User Roles] User role access

Looking to create a different user role that has all Administrator privileges without access to WPMUDev dashboard etc…

  • Adam Czajczyk
    • Support Gorilla

    Hello Chip

    I hope you’re well today!

    I’m not exactly sure what you wish to achieve as in WordPress “administrator privileges” (or “capabilities” to be exact) implicate “access to everything” – that’s the point of such role and capabilities. Whenever you want to limit access to some features/back-end parts you either need to actually remove some capabilities from the role or use some additional solution that was designed explicitly for access control.

    Such a solution can be for example “Admin Menu Editor” plugin:

    https://wordpress.org/plugins/admin-menu-editor/

    The “WPMU DEV Dashboard” is yet another aspect of it. By default it is not available to all administrators but only to the one who activated it – so if there are 3 admin-role accounts on site, the plugin is available only to the account that was used to enable it.

    Of course, another admin account could actually deactivate and activate the plugin and this way gain access to it. But you could limit that access to the specific users (admin-role users) only by adding following line to the “wp-config.php” file:

    define( 'WPMUDEV_LIMIT_TO_USER', '1, 10, 15' );

    where the numbers (separated by commas) are IDs of admin-role accounts. There can be multiple of them or just one and the WPMU DEV Dashboard will then be available only to these accounts, even if deactivated and re-activated by other admin-user.

    Finally, you said “access to WPMUDev dashboard etc” and I’m slightly confused with that “etc” part :slight_smile: I mean, I understand that you mean access to “WPMU DEV Dashboard and some other parts of the site” but I’m not sure which parts/what kind of features do you mean so if you could shed some light on it, it would be great :slight_smile:

    Best regards,

    Adam

  • Tony G
    • Mr. LetsFixTheWorld

    Somewhat related, I’ve noted in the past that a couple WPMU DEV plugins use capability manage_options to determine if a user is an Administrator, and therefore has permission to manage the plugin details. I don’t think this should be hard-coded.

    I think every feature should be assigned to a capability so that specific permissions can be given to specific roles. For example, create these capabilities and then let the admin decide which role gets them: wpmudev_dashboard, wpmudev_defender_manager, wpmudev_snapshot_manager, wpmudev_forminator_create_form, wpmudev_forminator_delete_poll, wpmudev_forminator_export_entries …

    Capabilities can have levels. There can be a higher level wpmudev_forminator_manager capability in addition to or instead of specific function-level capabilities.

    I’m not really advocating for extensive capability assignments, but rather advocating against over-generalizations that only check for manage_options. This forces a site admin to give full admin permissions to someone just so they can maintain some plugin details. That’s not good.

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.