Super Admin Role

  • I’m just checking out the plugin to see if it will work for our use case. I want to remove the ability for regular administrators to add or edit roles and/or capabilities, but I do want regular administrators to be able to assign capabilities and roles to users.

    Is it possible? What ure_ capabilities would allow for assignment but not add/edit of roles and capabilities to users?

    Thought here is to create a new role cloned from the Administrator role (Super Duper Admins) that has all the ure_ capabilities assigned to it, then adjust the ure_ capabilities for the Administrator role until admins can only assign but not add/edit roles and capabilities.

    I notice some funky behaviour when editing the ure_ capabilities for administrators. When I use the User Role Editor admin screens and edit the admin role, the ure_ capabilities are always checked, and i cannot uncheck them in the UI individually. I can click the (unlabeled) ‘check/uncheck all’ checkbox beside the Quick Filter label in the URE admin panel header and it will uncheck all. Then I click on an individual urd_ capability and save. This appears to work, as the admins can no longer see the User Role Editor link in the Users admin menu. However, if as a Super Duper Admin I edit the ure_ capabilities for admins again, all will be checked for the admin role.

    Hope that’s clear. Bit difficult to explain in words what a screen cap or two would show much quicker.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Vladimir Garagulya

    (@shinephp)

    Revoke from a role all ‘ure_’ capabilities. It will prohibit editing roles and capabilities, but if user has list_users, promote_users, edit_users, such user will can grant/revoke roles as user admin.

    In order to grant capabilities directly to users (via ‘Capabilities’ link under the user row) currently user should can ‘ure_manage_options’ – superadmin capability for URE plugin.

    URE tries to prevent the accidental revoking capabilities from the administrator role as this role is a superadmin for single site WordPress and user can lose access to the site after revoking critical capabilities from it. It seems you found a way how to make this. Thank you. I will close it with the next update.

    Thread Starter morriswanchuk

    (@morriswanchuk)

    I figured that I had discovered a likely bug after I realized that the plugin really doesn’t want the admin role to be edited (which makes perfect sense).

    Thanks for the reply!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Super Admin Role’ is closed to new replies.