View Access: Allow View
For Users: Selected User Roles
bbp_keymaster (This is “Keymaster” role)
Action: Show Access Error Message
For some reason, we have a user that can still access this page, even though he does not have the bbp_keymaster role.
We noticed that they can access the page when they have the “GA Site Administrator” role, which is a collection of many capabilities that seem distinct from the Keymaster roles as far as I can tell. When we remove the “GA Site Administrator” role, they get the access error message.
Are there any capabilities that allow the user to access pages even though they do not have the role specified in the page setup? Seems like apparently there are, but I’m trying to figure out which ones, or why?
I meant: “GA Site Administrator” role, which is a collection of many capabilities that seem distinct from the Keymaster capabilities as far as I can tell.
Basically GA Site Administrator is unrelated to Keymaster, yet it gives users ability to see the page. This ability to see pages by those that are not in the specified group to view the page could be a security risk.