22/06/2018 at 07:49 #4960
I tried using the Other Roles addon on the Administrator role but the Administrator is still able to see blocked roles.
For example, I created a Webmaster role using User Role Editor and I don’t want it to show up in the Role or Other Roles dropdown menus in the Edit or Add User screens, specifically for the Administrator Role. I applied the Other Roles addon block – I blocked the Webmaster Role for the Administrator Role but when I am using a user with the Administrator Role permissions, they are still able to see Webmaster in the Role and Other Roles drop down in the Edit and Add User screens and as a filter (parse_query) for the Users page that lists all the users.22/06/2018 at 08:00 #4962
It also looks like you’re unable to block the the Administrator Role. Makes sense as a precaution but could you provide an option to override this similar to the “Show Administrator role at User Role Editor” option?23/06/2018 at 11:09 #4966
I confirm such behavior. It’s by design. URE does not apply any restrictions to a user with ‘administrator’ role for the single site WordPress installation as such user is a superadmin there.
I agree that checkboxes available for the selection at the “Other Roles” dialog window for the ‘administrator’ role may confuse a user. I will fix this with the next update.
You can change this logic under WordPress multisite, as it’s not enough to have ‘administrator’ role in order to be superadmin there. It’s possible via custom filter ure_not_block_other_roles_for_local_admin.23/06/2018 at 11:12 #4967
1) URE hides ‘administrator’ role from ‘Role’ and ‘Other Roles’ drop-down lists by default.
2) URE exclude users with ‘administrator’ role from the users list by default.
It makes this for users with ‘edit_users’ capability, which do not have ‘administrator’ role.
Thus there is no sense to hide/block ‘administrator’ role via ‘Other roles access’ add-on. ‘administrator’ checkbox is disabled for this reason.25/06/2018 at 09:15 #4972
I currently have a work around by creating an
adminUser Role that has a replica of the
administratorrole permissions so that I can modify the Other Roles Addon permissions for
admin. This applies the latest information you explained, that users with
edit_userscapability that is not the
administratorcannot see the
administratorassignment or list by default.
What I’m not sure about is, when a new plugin is added that should provide the
administratormore custom capabilities, do plugins usually provide capabilities to any role with specific capabilities or do they usually provide permissions to the specific
administratorrole? Without this understanding, I don’t know how effective the work around is and how much future maintenance I will have to deal with if the client decides to add new plugins.
Can you clarify your statement “as such user is a superadmin there.” Not exactly sure what that means.25/06/2018 at 11:19 #4974
Plugins on the activation (sometimes for the 1st time only) usually add custom capabilities exactly to the ‘administrator’ role to provide for admin a full access to a plugin.
If user can install new plugin, he can get a superadmin privileges in a minute adding to the site a plugin with a special PHP code. There is no sense to set any restrictions for such user, as he can overcome them in any moment.
New plugins should be installed by the person fully responsible for the site – superadmin. Even if user will not try to become a superadmin, adding new plugin may break the site – so it is a potential large problem for the future maintenance.
“as such user is a superadmin there.” – superadmin is a “God” for this site. He can anything. There are no restrictions for him inside existing functionality. There is no sense to limit him in any manner.25/06/2018 at 17:41 #4975
Thanks for the explanation. I see what you’re saying about the super admin. Unfortunately these are single sites so I have to make due with
- You must be logged in to reply to this topic.