Change WordPress user roles and capabilities › Forums › Bug Reports › Other Roles addon does not work on Administrator role.
Tagged: Bug, Other Roles
- This topic has 6 replies, 2 voices, and was last updated 6 years, 6 months ago by tanner.
-
AuthorPosts
-
22/06/2018 at 07:49 #4960tannerParticipant
I tried using the Other Roles addon on the Administrator role but the Administrator is still able to see blocked roles.
For example, I created a Webmaster role using User Role Editor and I don’t want it to show up in the Role or Other Roles dropdown menus in the Edit or Add User screens, specifically for the Administrator Role. I applied the Other Roles addon block – I blocked the Webmaster Role for the Administrator Role but when I am using a user with the Administrator Role permissions, they are still able to see Webmaster in the Role and Other Roles drop down in the Edit and Add User screens and as a filter (parse_query) for the Users page that lists all the users.
22/06/2018 at 08:00 #4962tannerParticipantIt also looks like you’re unable to block the the Administrator Role. Makes sense as a precaution but could you provide an option to override this similar to the “Show Administrator role at User Role Editor” option?
23/06/2018 at 11:09 #4966VladimirKeymasterI confirm such behavior. It’s by design. URE does not apply any restrictions to a user with ‘administrator’ role for the single site WordPress installation as such user is a superadmin there.
I agree that checkboxes available for the selection at the “Other Roles” dialog window for the ‘administrator’ role may confuse a user. I will fix this with the next update.
You can change this logic under WordPress multisite, as it’s not enough to have ‘administrator’ role in order to be superadmin there. It’s possible via custom filter ure_not_block_other_roles_for_local_admin.23/06/2018 at 11:12 #4967VladimirKeymaster1) URE hides ‘administrator’ role from ‘Role’ and ‘Other Roles’ drop-down lists by default.
2) URE exclude users with ‘administrator’ role from the users list by default.It makes this for users with ‘edit_users’ capability, which do not have ‘administrator’ role.
Thus there is no sense to hide/block ‘administrator’ role via ‘Other roles access’ add-on. ‘administrator’ checkbox is disabled for this reason.25/06/2018 at 09:15 #4972tannerParticipantI currently have a work around by creating an
admin
User Role that has a replica of theadministrator
role permissions so that I can modify the Other Roles Addon permissions foradmin
. This applies the latest information you explained, that users withedit_users
capability that is not theadministrator
cannot see theadministrator
assignment or list by default.What I’m not sure about is, when a new plugin is added that should provide the
administrator
more custom capabilities, do plugins usually provide capabilities to any role with specific capabilities or do they usually provide permissions to the specificadministrator
role? Without this understanding, I don’t know how effective the work around is and how much future maintenance I will have to deal with if the client decides to add new plugins.Can you clarify your statement “as such user is a superadmin there.” Not exactly sure what that means.
25/06/2018 at 11:19 #4974VladimirKeymasterPlugins on the activation (sometimes for the 1st time only) usually add custom capabilities exactly to the ‘administrator’ role to provide for admin a full access to a plugin.
If user can install new plugin, he can get a superadmin privileges in a minute adding to the site a plugin with a special PHP code. There is no sense to set any restrictions for such user, as he can overcome them in any moment.
New plugins should be installed by the person fully responsible for the site – superadmin. Even if user will not try to become a superadmin, adding new plugin may break the site – so it is a potential large problem for the future maintenance.
“as such user is a superadmin there.” – superadmin is a “God” for this site. He can anything. There are no restrictions for him inside existing functionality. There is no sense to limit him in any manner.
25/06/2018 at 17:41 #4975tannerParticipantThanks for the explanation. I see what you’re saying about the super admin. Unfortunately these are single sites so I have to make due with
administrator
-
AuthorPosts
- You must be logged in to reply to this topic.