“Admin pages permissions viewer” additional module shows the list of user capabilities checked for the current page by WordPress and theme and plugins code hooked to this page.
In order to activate this add-on go to the “Settings->User Role Editor->Additonal Modules” tab and turn ON “Activate wp-admin pages pemissions viewer” checkbox:
You will see “View page permissions” link at the bottom of every page under wp-admin. Like on screenshot below made for the “Users” page.
When you click on this link you will see the list of user capabilities checked by this page and plugins hooked to the code generated the page. You can click on user capability to see PHP call stack – to know from which files it was checked. Click on ‘more…’ link to the right of the call stack line will show 3 lines of source code from the related file.
These details would be needed to understand if this capability is really required for access to the data shown at this page. Plugins may hook to the actions executed at this page and check some capabilities, but this checking could be not related to this page at all. For example ‘edit_theme_options’ capability is checked by WordPress at any page as that checking was added to the ‘admin_head’ action:
Another example – WooCommerce, which checks user capability 1st, and just then checks if it’s a related page or it does not. Screenshot below was taken from the Users page. Apparently, this checking is required for the products list page only, but not for the “Users” page and any other.
Some time it’s better to deactivate unrelated plugins temporally to get more clear permissions picture for the selected page.
“View page permissions” link is available only for the users who can ‘ure_edit_roles’ capability.
