The Role Manager feature allows you to edit and add new roles as well as add and remove both default capabilities and custom capabilities from roles. It is an extremely powerful system.
Any changes you make to users and roles using this feature are permanent changes. This means that if you deactivate or uninstall this plugin, the changes won’t revert to their previous state. This plugin merely provides a user interface for you to make changes directly to your WordPress database. Please use this feature wisely.
This feature can be both a blessing and a curse, so we’re going to ask that you use it wisely. Use extreme caution when assigning new capabilities to roles. You wouldn’t want to grant Average Joe the
edit_plugins capability, for example.
You can find the settings page for this feature under the “Members” menu. It will be labeled “Roles”.
When clicking on the menu item, you’ll be taken to a screen similar to the edit post/page screen, only it’ll be for editing a role.
In the “Edit Capabilities” box on that screen, you simply have to tick the checkbox next to the capability you want to grant or deny.
Grant, deny, or neither?
Every capability can have one of three “states” for a role. The role can be granted, denied, or simply not have a capability.
- Granting a capability to a role means that users of that role will have permission to perform the given capability.
- Denying a capability means that the role’s users are explicitly denied permission.
- A role that is neither granted nor denied a capability simply doesn’t have that capability.
Note: When assigning multiple roles to a single user that have a conflicting capability (e.g., granted
publish_posts and denied
published_posts cap), it’s best to enable the denied capabilities override via the Members Settings screen. This will consistently make sure that denied capabilities always overrule granted capabilities. With this setting disabled, WordPress will decide based on the last role given to the user, which can mean for extremely inconsistent behavior depending on the roles a user has.