Other Roles addon does not work on Administrator role.

[tanner]

I tried using the Other Roles addon on the Administrator role but the Administrator is still able to see blocked roles.

For example, I created a Webmaster role using User Role Editor and I don’t want it to show up in the Role or Other Roles dropdown menus in the Edit or Add User screens, specifically for the Administrator Role. I applied the Other Roles addon block – I blocked the Webmaster Role for the Administrator Role but when I am using a user with the Administrator Role permissions, they are still able to see Webmaster in the Role and Other Roles drop down in the Edit and Add User screens and as a filter (parse_query) for the Users page that lists all the users.

[tanner]

It also looks like you’re unable to block the the Administrator Role. Makes sense as a precaution but could you provide an option to override this similar to the “Show Administrator role at User Role Editor” option?

[Vladimir]

I confirm such behavior. It’s by design. URE does not apply any restrictions to a user with ‘administrator’ role for the single site WordPress installation as such user is a superadmin there.

I agree that checkboxes available for the selection at the “Other Roles” dialog window for the ‘administrator’ role may confuse a user. I will fix this with the next update.
You can change this logic under WordPress multisite, as it’s not enough to have ‘administrator’ role in order to be superadmin there. It’s possible via custom filter ure_not_block_other_roles_for_local_admin.

[Vladimir]

1) URE hides ‘administrator’ role from ‘Role’ and ‘Other Roles’ drop-down lists by default.
2) URE exclude users with ‘administrator’ role from the users list by default.

It makes this for users with ‘edit_users’ capability, which do not have ‘administrator’ role.
Thus there is no sense to hide/block ‘administrator’ role via ‘Other roles access’ add-on. ‘administrator’ checkbox is disabled for this reason.

[tanner]

I currently have a work around by creating an admin User Role that has a replica of the administrator role permissions so that I can modify the Other Roles Addon permissions for admin. This applies the latest information you explained, that users with edit_users capability that is not the administrator cannot see the administrator assignment or list by default.

What I’m not sure about is, when a new plugin is added that should provide the administrator more custom capabilities, do plugins usually provide capabilities to any role with specific capabilities or do they usually provide permissions to the specific administrator role? Without this understanding, I don’t know how effective the work around is and how much future maintenance I will have to deal with if the client decides to add new plugins.

Can you clarify your statement “as such user is a superadmin there.” Not exactly sure what that means.

[Vladimir]

Plugins on the activation (sometimes for the 1st time only) usually add custom capabilities exactly to the ‘administrator’ role to provide for admin a full access to a plugin.

If user can install new plugin, he can get a superadmin privileges in a minute adding to the site a plugin with a special PHP code. There is no sense to set any restrictions for such user, as he can overcome them in any moment.

New plugins should be installed by the person fully responsible for the site – superadmin. Even if user will not try to become a superadmin, adding new plugin may break the site – so it is a potential large problem for the future maintenance.

“as such user is a superadmin there.” – superadmin is a “God” for this site. He can anything. There are no restrictions for him inside existing functionality. There is no sense to limit him in any manner.

[tanner]

Thanks for the explanation. I see what you’re saying about the super admin. Unfortunately these are single sites so I have to make due with administrator

[Author]

Posts