Deny Edit of Access Levels

  • Resolved amgrays

    (@amgrays)


    3 years, 9 months ago

    I am investigating the use of the plugin to provide “temporary admin-like” access to guest users. The ability to provide access for a restricted period of time is attractive. In addition the plugin provides a detailed matrix of permit/deny for all capabilities.

    If I give my user “manage_options” capability, they can then use the “User Access” menu as a backdoor to give themselves full access to the system. If the “manage_options” capability is denied, then they can’t see any settings at all which would be too restrictive in many cases.

    My suggestion would be to use the “promote_users” capability to control whether the User Access Access Levels can be edited or not. If “promote_users” capability is denied, then the user should only be able to see the Access Levels – not edit or trash them.

Viewing 1 replies (of 1 total)
  • Plugin Author Joachim Jensen

    (@intoxstudio)

    Thank you for this suggestion, I agree that the “promote_users” capability is better suited and will make this change in the next update ??

Viewing 1 replies (of 1 total)
  • The topic ‘Deny Edit of Access Levels’ is closed to new replies.