Codex tools: Log in / create account
The WordPress Roles feature is designed to give the blog owner the ability to control and assign what users can and cannot do in the blog. A blog owner must manage and allow access to such functions as writing and editing Posts, creating Pages, defining Links, creating Categories, moderating Comments, managing Plugins, managing Themes, and managing other users. The tool that gives the blog owner that control is the ability to assign a Role to a user.
WordPress Version 2.0 introduces the concept of Roles. The WordPress distribution comes delivered 'standard' with five pre-defined Roles: Administrator, Editor, Author, Contributor, and Subscriber. Each Role is allowed to perform a set of tasks called Capabilities. There are thirty Capabilities including publish_posts, moderate_comments, and edit_users. The Capabilities are pre-assigned to each Role.
The Administrator Role is allowed to perform all possible Capabilities. Each of the other Roles has a decreasing number of allowed Capabilities. For instance, the Subscriber Role is allowed just the read and level_0 Capabilities. One particular Role should not be considered to be 'senior to' another Role. Rather, consider that Roles define the user's responsibilities within the blog.
Plugin developers will likely revise the 'standard' Roles and Capabilities because WordPress Developers left open the future possibility of assigning a user to one or more Roles, or assigning Capabilities directly to a User. Since Plugins might change Roles and Capabilities, just the 'standard' Roles and Capabilities are addressed in this article.
The person with the most important Role is that of blog owner. Typically, the blog owner is the person responsibile for maintaining and backing up the WordPress MySQL database as well as managing the WordPress repository of files (programs, scripts, plugins, themes, images, uploads). Ultimately, the smooth operation of a blog depends on the blog owner fulfilling this 'ultimate role'. Note: The blog owner, in many cases, also acts the Role of Administrator but may choose to assign other users the Administrator Role.
The identity a particular user assumes in a blog is called their Role. A Role essentially describes the set of tasks, called Capabilities, a person is allowed to perform. For instance, the role of Administrator encompasses every possible task that can be performed within a WordPress blog. On the other hand, the Author Role allows the execution of just a small sub-set of Capabilities.
WordPress 2.0 simplifies the User Level approach of WordPress 1.5 by rolling up adjacent levels with similar permissions into logical, named roles. For example, Level 0 is now assigned to the Subscriber Role, while Levels 5 and 6 together make up the Editor role.
Role Name: Administrator
Role Name: Editor
Role Name: Author
Role Name Contributor
Role Name: Subscriber
| Capability | admin | editor | author | contributor | subscriber |
|---|---|---|---|---|---|
| switch_themes | |||||
| edit_themes | |||||
| activate_plugins | |||||
| edit_plugins | |||||
| edit_users | |||||
| edit_files | |||||
| manage_options | |||||
| import | |||||
| moderate_comments | |||||
| manage_categories | |||||
| manage_links | |||||
| unfiltered_html | |||||
| edit_published_posts | |||||
| edit_others_posts | |||||
| edit_pages | |||||
| upload_files | |||||
| publish_posts | |||||
| edit_posts | |||||
| read | |||||
| level_10 | |||||
| level_9 | |||||
| level_8 | |||||
| level_7 | |||||
| level_6 | |||||
| level_5 | |||||
| level_4 | |||||
| level_3 | |||||
| level_2 | |||||
| level_1 | |||||
| level_0 | |||||
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows - if enabled - the user to post HTML markup or even Javascript code in posts, pages or comments.
Note: Enabling this option for non-privileged users may result in their posting malicious code to your blog.
Allows access to Administration Panel options:
If an own post is published you need this capability to edit this post. The core checks the capability edit_posts but on demand this ceck is changed to edit_published_posts.
If you don't want what a user can edit his published posts, remove this capability. (see also this comment on the Role Manager Plugin Homepage).
User can
Allows access to Administration Panel options:
As far as I see all editors can edit each others' pages. [[[User:Scoop0901|Dave J. (Scoop0901)]] 16:38, 30 Jan 2007 (UTC) fixed typo]
Allows access to Administration Panel options:
Used nowhere in the core-code except the menu.php
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows access to Administration Panel options:
User Level 0
User Level 1
User Levels 2, 3, and 4
User Levels 5, 6, and 7
User Level 8, 9, and 10
This article is marked as in need of editing. You can help Codex by editing it.