Change WordPress user roles and capabilities Forums Bug Reports Global Roles and Capabilities setting

Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • #1763
    farmzone.net
    Participant

    Continuation of discussion from WordPress.org

    Here’s what I have done, so you can better understand how I came to this thinking.

    I have setup Multisite, with WooCommerce on 1 Subsite but not on the Main Site.

    I go to Network Admin and edit the User roles, noticing some Roles that I will never use (for BackWPup). I delete those roles and as I don’t have WooCommerce I am now left with only the WP defaults.

    I Update Network. First problem here is that I can a notice that it will be applied to all subsites. I never got any indication that if there are other roles on a subsite only, that they will be deleted. Also, capabilities that are in a subsite but not the main also seem to be removed.

    I then go to the Subsite, and notice that both the Customer and Store Manager Roles that WooCommerce puts in are removed.

    My expectation is this.

    If I want to edit the main site roles, I will go to the main site admin. Same goes for Subsite roles. I expect that if I go to the Network Admin, I should get the Networks Roles and Capabilities as a whole.

    A good example is the user listings. If I go to the Main or to a Subsites users page, I see the users for that site only. If I go to the Network Admin and then Users, I see all users across all sites, main + subsites.

    Not saying I can’t work with the way it currently works, but it just seems out of tune with normal thinking. As it is I have to now consciously think how to go about things, rather than just doing something intuitively.

    #1764
    Vladimir
    Keymaster

    Thanks for sharing this.

    It’s a good point to start with.
    Let’s imaging we have the ‘Roles’ menu under Network Admin, which lists all existing roles in alphabetical order. And what’s further? This needs to be discussed.
    Users under Network Admin is about add/remove a user to the subsite. There is nothing about user rights at that subsite here, because user may have different roles and capabilities at every subsite.

    We may list roles similar Users list, that is to show the list of roles with sublist (at every role row) of subsites at which this role exists.
    But:
    1) if you wish to edit this role, physically it has a separate data set at every subsite. So the link ‘Edit’ under the role does not have sense in this mode. We need ‘edit’ link for every subsite.
    2) There are the multisite networks with very large quant of subsites (thousands). So the listing of this kind is unusable for the large networks.

    2nd (preferable) way to show this information – list all existing roles from all existing subsites as a separate rows with these required columns: role name, subsite. So you may quickly filter out needed role. There will be the ‘Edit’ link to open the selected role of selected subsite, ‘Delete’ link.
    What’s additional (including network related) functionality may be needed/available here?

    As about current model of work with roles under network admin, it’s appeared not at the empty place. A lot of multisite network owners wish to have the same roles set at every subsite. So this is a way to synchronize changes from the main site to the whole network.
    I’m ready to include more details to the confirmation message linked to the ‘Network Update’ button. Do you have your variant of such message?

    #1765
    farmzone.net
    Participant

    Firstly regarding the message, somehow warn that it will delete roles if not set in the main site. At this stage it says it will copy over the roles but doesn’t indicate if there is a role in the subsite that is not under the main site, that it will be removed.

    I understand it would be a very difficult thing to do and not everyone would want to do it.

    I personally would be happy with maybe an option to manage roles globally as I described. In terms of different roles for a user on different sites. The user role is not set globally, so I should be able to access all roles for all sites in one place and sync all sites to have same roles. Not sure how that will work for capabilities thou as WooCommerce capabilities wouldn’t be in a site that doesn’t run it (maybe auto add them). Then each user would be set a particular role per site, ie. they might have Admin for a subsite but only subscriber for the other sites.

    I imagine (and am open to suggestion as I am not a WordPress developer), that I could open a list of all roles globally, which when I go to edit that role, it collects all capabilities available globally. Once I set it up to my needs, I could then apply globally. If I need to adjust a single user I should edit that users roles and capabilities. I don’t expect to be able to have the same role on 2 sites each with different capabilities. More of just a way to be able to manage all roles on a global scale rather than each site.

    #1766
    farmzone.net
    Participant

    Sorry if I ramble a bit too. I find it hard to get my line of thinking written down so others can understand what I am talking about.

    Just taking a look now, if I went to Network Admin->Users->User Role Editor, then we could have a list of all roles across the network. Maybe in brackets next to it, which site they belong to if not all. It would then also list all capabilities available across the network too.

    Pick a role, then I could have a option to save to that site only, or sync it across all sites or select only some sites to apply the changes to, without changing other roles. If I want to have a role set a little different on a subsite, then I edit that role in the subsite and apply it only to that site. If I go back and edit that role and save it to all, then I expect it to overwrite my changes for that 1 site.

    Come to think of it, realistically I only need the ability to import and export to and from other sites, that add to the current roles. This way I could go to my non-woo site, import the Store Manager role from a Woo Site, and then save. I think what I am asking for is an option to manage roles on a network-wide scale better. If it’s an option then you will still cover those that don’t want that.

    #1767
    Vladimir
    Keymaster

    Thanks. Your suggestions are clear and helpful. I will include this work into my development plan. I will inform you as 1st update related to this functionality will be available.

    #1771
    armin
    Participant

    I just entered a Feature Request that might solve some of the issue.

    https://www.role-editor.com/forums/topic/keep-local-roles-when-update-network-by-superadmin/#post-1770

    🙂
    Armin

    #1772
    armin
    Participant

    On a general note: Documentation is a little messy due to a suite of blog posts explaining new features when they where implemented. Often, screenshots don’t match the most recent version of URE. For someone new to URE, it takes a long time to get these pieces together in your own head. (Thanks for your support yesterday, on Halloween!, BTW)

    What I miss most is an overview of your “philosophy”, i.e. architectual concept behind multisite role-based access. Or a helicopter view description of what URE can do in a multisite environment PLUS what it can not do (so well) or where conflicts might arise.

    https://en.wikipedia.org/wiki/Role-based_access_control is maybe helpful for your structuring. I am not sure it clarifies a lot for newbie users of URE…

    Finally, some sticky “HowTo” blog posts that match the most recent version would be helpful, i.e. “HowTo implement URE in a freshly set up multisite for XYZ application”.

    🙂
    Armin

    P.S. The plugin is great! Thanks for your work!

    #1777
    Vladimir
    Keymaster

    Thanks, Armin, for your feedback, suggestions and constructive critique.
    I agree with you and try to dedicate more time for the detailed documentation of plugin features.

Viewing 8 posts - 1 through 8 (of 8 total)
  • You must be logged in to reply to this topic.