User Roles and Permissions

Of all the CMS (Content Management Systems) I’ve used, I would say that WordPress is one of the more difficult CMS to control access and permissions based on user if you want to be granular/specific.

By default WordPress comes with the following roles:

  • Administrator
  • Editor
  • Author
  • Contributor
  • Subscriber

Comparison of the different roles in WordPress are found below

Super Admin (multi-site) Administrator (single site) Editor Author Contributor Subscriber
create sites X
delete sites X
manage network X
manage sites X
manage network users X
manage network plugins X
manage network themes X
manage network options X
upload plugins X
upload themes X
upgrade network X
setup network X
activate plugins X X
create users X X
delete plugins X X
delete themes X X
delete users X X
edit files X X
edit plugins X X
edit theme options X X
edit themes X X
edit users X X
export X X
import X X
install plugins X X
install themes X X
list users X X
manage options X X
promote users X X
remove users X X
switch themes X X
update core X X
update plugins X X
update themes X X
edit dashboard X X
customize X X
delete site X X
moderate comments X X X
manage categories X X X
manage links X X X
edit others posts X X X
edit pages X X X
edit others pages X X X
edit published pages X X X
publish pages X X X
delete pages X X X
delete others pages X X X
delete published pages X X X
delete others posts X X X
delete private posts X X X
edit private posts X X X
read private posts X X X
delete private pages X X X
edit private pages X X X
read private pages X X X
unfiltered html X X X
edit published posts X X X X
upload files X X X X
publish posts X X X X
delete published posts X X X X
edit posts X X X X X
delete posts X X X X X
read X X X X X X

and if you have bbPress  installed, it added these additional roles

  • Keymaster
  • Moderator
  • Participant
  • Spectator
  • Blocked

Comparison of the different bbpress roles and what each gets ya.

Forum Capabilities Keymaster Moderator Participant Spectator
publish forums X X
edit forums X X
edit others forums X
delete forums X
delete others forums X
read private forums X X X
read hidden forums X X
Topic Capabilities Keymaster Moderator Participant Spectator
publish topics X X X
edit topics X X X
edit others topics X
delete topics X X
delete others topics X X
read private topics X X
Reply Capabilities Keymaster Moderator Participant Spectator
publish replies X X X
edit replies X X X
edit other replies X X
delete replies X X
delete others replies X X
read private replies X X
Topic Tag Capabilities Keymaster Moderator Participant Spectator
manage topic tags X X
edit topic tags X X
delete topic tags X X
assign topic tags X X X
Miscellaneous Keymaster Moderator Participant Spectator
spectate X X X X
participate X X X
moderate X X
throttle X X
view trash X X

A strong suggestion for better capability is a free plugin called Members by Justin that will give you many benefits to include:

  • Role Editor: Allows you to edit, create, and delete roles as well as capabilities for these roles.
  • Multiple User Roles: Give one, two, or even more roles to any user.
  • Explicitly Deny Capabilities: Deny specific caps to specific user roles.
  • Clone Roles: Build a new role by cloning an existing role.
  • Content Permissions: Gives you control over which users (by role) have access to post content.
  • Shortcodes: Shortcodes to control who has access to content.
  • Widgets: A login form widget and users widget to show in your theme’s sidebars.
  • Private Site: You can make your site and its feed completely private if you want.
  • Plugin Integration: Members is highly recommended by other WordPress developers. Many existing plugins integrate their custom roles and caps directly into it.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.