A comboBox on the edit user page allows each user to be assigned to a single, pre-defined role. However, tools (web pages) to develop custom roles or to assign specific capabilities to a single user are not provided.
Design Problems
Specifically, the read capability is required for users to edit their profiles and to control the admin menu display as either icons (which frequently fails to work correctly) or as words. Unfortunately, this capability also allows any logged in user to access the Dashboard (which has its own capability) and to update the software (a major security problem).
Admin Menus
| Top Level (icon) | Sub-Menu | Capability | File |
|---|---|---|---|
| Dashboard | read | index.php | |
| Spacer | read | separator1 | |
| Posts | edit_posts | edit.php | |
| Edit | edit_posts | edit.php | |
| Add New | edit_posts | post-new.php | |
| Post Tags | manage_categories | edit-tags.php?taxonomy= | |
| [optional] | manage_categories | edit-tags.php?taxonomy= | |
| Categories | manage_categories | categories.php | |
| Media | upload_files | upload.php | |
| Library | upload_files | upload.php | |
| Add New | upload_files | media-new.php | |
| Links | manage_links | link-manager.php | |
| Edit | manage_links | link-manager.php | |
| Add New | manage_links | link-add.php | |
| Link Categories | manage_categories | edit-link-categories.php | |
| Pages | edit_pages | edit-pages.php | |
| Edit | edit_pages | edit-pages.php | |
| Add New | edit_pages | page-new.php | |
| Comments | edit_posts | edit-comments.php | |
| Spacer | read | separator2 | |
| Appearance | switch_themes | themes.php | |
| Themes | switch_themes | themes.php | |
| Editor | edit_themes | theme-editor.php | |
| Add New Themes | install_themes | theme-install.php | |
| Plugins | activate_plugins | plugins.php | |
| Installed | activate_plugins | plugins.php | |
| Add New | install_plugins | plugin-install.php | |
| Editor | edit_plugins | plugin-editor.php | |
| Users | edit_users | users.php | |
| Authors & Users | edit_users | users.php | |
| Add New | create_users | user-new.php | |
| Your Profile | read | profile.php | |
| Profile | read | profile.php | |
| Your Profile | read | profile.php | |
| Tools | read | tools.php | |
| Tools | read | tools.php | |
| Import | import | import.php | |
| Export | import | export.php | |
| Upgrade | install_plugins | update-core.php | |
| Settings | manage_options | options-general.php | |
| General | manage_options | options-general.php | |
| Writing | manage_options | options-writing.php | |
| Reading | manage_options | options-reading.php | |
| Discussion | manage_options | options-discussion.php | |
| Media | manage_options | options-media.php | |
| Privacy | manage_options | options-privacy.php | |
| Permalinks | manage_options | options-permalink.php | |
| Miscellaneous | manage_options | options-misc.php |
Capabilities and Roles (Sorted by Type)
| Capability | Administrator | Editor | Author | Contributor | Subscriber | version |
|---|---|---|---|---|---|---|
| Themes | ||||||
| install_themes | x | 2.8 | ||||
| edit_themes | x | 1.6 | ||||
| update_themes | x | 2.7 | ||||
| switch_themes | x | 1.6 | ||||
| Plugins | ||||||
| install_plugins | x | 2.7 | ||||
| update_plugins | x | 2.6 | ||||
| edit_plugins | x | 1.6 | ||||
| delete_plugins | x | 2.6 | ||||
| activate_plugins | x | 1.6 | ||||
| Dashboard, Admin | ||||||
| edit_dashboard | x | 2.5 | ||||
| manage_categories | x | x | 1.6 | |||
| manage_links | x | x | 1.6 | |||
| manage_options | x | 1.6 | ||||
| import | x | 1.6 | ||||
| edit_files | x | 1.6 | ||||
| Users | ||||||
| create_users | x | 2.1 | ||||
| edit_users | x | 1.6 | ||||
| delete_users | x | 2.1 | ||||
| Capability | Administrator | Editor | Author | Contributor | Subscriber | version |
| Pages (undated static text) | ||||||
| edit_pages | x | x | 1.6 | |||
| edit_others_pages | x | x | 2.1 | |||
| edit_published_pages | x | x | 2.1 | |||
| publish_pages | x | x | 2.1 | |||
| delete_pages | x | x | 2.1 | |||
| delete_others_pages | x | x | 2.1 | |||
| delete_published_pages | x | x | 2.1 | |||
| delete_private_pages | x | x | 2.1 | |||
| edit_private_pages | x | x | 2.1 | |||
| read_private_pages | x | x | 2.1 | |||
| Posts (dated pages, may be added to calendar) | ||||||
| edit_posts | x | x | x | x | 1.6 | |
| edit_others_posts | x | x | 1.6 | |||
| edit_published_posts | x | x | x | 1.6 | ||
| publish_posts | x | x | x | 1.6 | ||
| moderate_comments | x | x | 1.6 | |||
| delete_posts | x | x | x | x | 2.1 | |
| delete_others_posts | x | x | x | 2.1 | ||
| delete_published_posts | x | x | 2.1 | |||
| delete_private_posts | x | x | 2.1 | |||
| edit_private_posts | x | x | 2.1 | |||
| read_private_posts | x | x | 2.1 | |||
| Capability | Administrator | Editor | Author | Contributor | Subscriber | version |
| General (used with both Pages and Posts) | ||||||
| upload_files | x | x | x | 1.6 | ||
| unfiltered_html | x | x | 1.6 | |||
| unfiltered_upload | x | 2.3 | ||||
| Numbered capabilities (legacy method - used by some plugins) | ||||||
| level_10 | x | 1.6 | ||||
| level_9 | x | 1.6 | ||||
| level_8 | x | 1.6 | ||||
| level_7 | x | x | 1.6 | |||
| level_6 | x | x | 1.6 | |||
| level_5 | x | x | 1.6 | |||
| level_4 | x | x | 1.6 | |||
| level_3 | x | x | 1.6 | |||
| level_2 | x | x | x | 1.6 | ||
| level_1 | x | x | x | x | 1.6 | |
| level_0 | x | x | x | x | x | 1.6 |
| Major design problem (enables the user to destroy the system) | ||||||
| read | x | x | x | x | x | 1.6 |
Capabilities and Roles (Sorted by Version)
| Capability | Administrator | Editor | Author | Contributor | Subscriber |
|---|---|---|---|---|---|
| Version 1.6 | |||||
| switch_themes | x | ||||
| edit_themes | x | ||||
| activate_plugins | x | ||||
| edit_plugins | x | ||||
| edit_users | x | ||||
| edit_files | x | ||||
| manage_options | x | ||||
| moderate_comments | x | x | |||
| manage_categories | x | x | |||
| manage_links | x | x | |||
| upload_files | x | x | x | ||
| import | x | ||||
| unfiltered_html | x | x | |||
| edit_posts | x | x | x | x | |
| edit_others_posts | x | x | |||
| edit_published_posts | x | x | x | ||
| publish_posts | x | x | x | ||
| edit_pages | x | x | |||
| read | x | x | x | x | x |
| level_10 | x | ||||
| level_9 | x | ||||
| level_8 | x | ||||
| level_7 | x | x | |||
| level_6 | x | x | |||
| level_5 | x | x | |||
| level_4 | x | x | |||
| level_3 | x | x | |||
| level_2 | x | x | x | ||
| level_1 | x | x | x | x | |
| level_0 | x | x | x | x | x |
| Version 2.1 | |||||
| edit_others_pages | x | x | |||
| edit_published_pages | x | x | |||
| publish_pages | x | x | |||
| delete_pages | x | x | |||
| delete_others_pages | x | x | |||
| delete_published_pages | x | x | |||
| delete_posts | x | x | x | x | |
| delete_others_posts | x | x | x | ||
| delete_published_posts | x | x | |||
| delete_private_posts | x | x | |||
| edit_private_posts | x | x | |||
| read_private_posts | x | x | |||
| delete_private_pages | x | x | |||
| edit_private_pages | x | x | |||
| read_private_pages | x | x | |||
| delete_users | x | ||||
| create_users | x | ||||
| Version 2.3 | |||||
| unfiltered_upload | x | ||||
| Version 2.5 | |||||
| edit_dashboard | x | ||||
| Version 2.6 | |||||
| update_plugins | x | ||||
| delete_plugins | x | ||||
| Version 2.7 | |||||
| install_plugins | x | ||||
| update_themes | x | ||||
| Version 2.8 | |||||
| install_themes | x | ||||