Change WordPress user roles and capabilities › Forums › Give user access to plugin – how to › Prevent Admin user from removing other Admin users
- This topic has 12 replies, 2 voices, and was last updated 5 years, 7 months ago by Vladimir.
-
AuthorPosts
-
08/05/2019 at 18:52 #5660officezenParticipant
I’m not sure which forum category this falls under, but is it possible to set this up?
15/05/2019 at 05:17 #5673VladimirKeymasterExcuse for a delay with answer – I had 2 weeks vacation.
This is a feature active at User Role Editor by default.
Any user with ID not equal 1 (WordPress default admin user) which has ‘edit_users’ capability does not see users with ‘administrator’ role.
Pay attention that if user has ‘ure_manage_options’ capability URE counts him as a superadmin and does not apply to him any restrictions.Another way to restrict what users are shown (available for editing/deletion) to the current user is Other roles access add-on.
22/05/2019 at 21:37 #5703officezenParticipantMy original admin with user ID 1 (Admin: A) was accidentally removed by another admin user (Admin: B) added by the original admin.
The ure_manage_option for Admin: B IS enabled. What’s the repercussions of disabling this option?
I still need Admin: B to be able to remove non-admin users.
24/05/2019 at 01:42 #5705VladimirKeymasterIf you revoke ‘ure_manage_options’ capability for user, he will lose access to Settings->User Role Editor page and stop be superadmin for URE.
Workaround scenario:
If you do not use plugins which directly require ‘administrator’ role instead of some user capability, you may create a copy of ‘administrator’ role for additional administrators and block this role (and users with this role) from themselves via “Other roles access” add-on.
Then do not use user with ID=1 in a daily work.24/05/2019 at 03:19 #5706officezenParticipantI want to prevent this admin user from accidentally removing other admin user (myself, ID=1) while leaving him the ability to remove other non-admin users.
So does revoking the ‘ure_manage_options’ capability from this user achieve this?
24/05/2019 at 03:46 #5707VladimirKeymasterIf you revoke ‘ure_manage_options’ capability for user, he will stop be superadmin for URE. Thus it will not see other users with ‘administrator’ role.
It’s default security rule applied by URE for not superadmins.Be aware that if you grant to user access to Users->User Role Editor, such user can add ‘ure_manage_options’ back at any time.
24/05/2019 at 03:50 #5708officezenParticipantI’m a bit confused by your explanation here.
Is the admin user with no ‘ure_manage_options’ capability still able to remove non-admin users?
24/05/2019 at 03:58 #5709VladimirKeymasterYes, he will be able to delete users without this capability.
‘ure_manage_options’ is not related to user deletion at all.
Any user with list_users, ‘delete_users’ can delete user available to him at the Users list page.24/05/2019 at 04:01 #5710officezenParticipantThank you for the confirmation.
24/05/2019 at 05:09 #5713officezenParticipantWhat would be the reason I cannot deselect the “ure_manage_options” (or any other options for that matter) from the user?
Clicking on the blue checkmark does nothing.
24/05/2019 at 05:12 #5714VladimirKeymasterI suppose you try to revoke capability from administrator role. URE does not allow this to prevent accident lose of access to the site management.
Workaround – create a full copy of administrator role, revoke unneeded capabilities from it. Grant it to your other admins.
24/05/2019 at 20:55 #5717officezenParticipantWhere would I create a full copy of admin role, etc.?
I cannot seem to be able to locate that option.
25/05/2019 at 01:29 #5719VladimirKeymaster1) Users->User Role Editor->Add Role
2) Select ‘Administrator’ at ‘Make copy of’ drop-down menu
If ‘Administrator’ role is not available for selection, go to Settings->User Role Editor->General and turn ON ‘Show Administrator role at User Role Editor’ option.Or add new role even empty, then click a checkbox to the left from the “Quick filter” label. It will select all capabilities. Update Role.
-
AuthorPosts
- You must be logged in to reply to this topic.