Restrict custom role to not edit/delete shop_manager but customer

Try to add this code to the active theme functions.php file or set it as a Must Use plugin:

add_filter('editable_roles', 'exclude_shop_manager_for_associate', 10, 1);
function exclude_shop_manager_for_associate( $roles ) {
    $user = wp_get_current_user();
    if ( in_array( 'shop_associate', $user->roles ) ) {
        if ( isset( $roles['shop_manager'] ) ) {
            unset( $roles['shop_manager'] );
        }
    }

    return $roles;
}

Hello @shinephp ,
It is not working for me.

Please confirm if the following capabilities are correct.
1. shop_associate: delete_users, edit_users, list_users
2. shop_manager: delete_users, edit_users, list_users

Capabilities are correct for the editing users purpose.

Yes, piece of code above does not allow to assign ‘shop_manager’ role to any user.
Yes it does not restrict a deletion of user with ‘shop_manager’ role.

URE realizes a protection similar to one you need for WordPress built-in administrator user. So if you are PHP developer you can take it for the starting point – user-role-editor/includes/classes/protect-admin.php.

URE Pro includes “Other roles access” add-on, which allows for selected role to block access to the other roles and all users, which have blocked roles.