Roles and Capabilities
Languages:
English •
Français •
日本語 •
Português do Brasil •
中文(简体) •
(Add your language)
Description
WordPress uses a concept of Roles, designed to give the blog owner the ability to control and assign what users can and cannot do in the blog. A blog owner can manage and allow access to such functions as writing and editing posts, creating Pages, defining links, creating categories, moderating comments, managing plugins, managing themes, and managing other users. The tool that gives the blog owner this control is the ability to assign a Role to a user.
WordPress has five pre-defined Roles: Administrator, Editor, Author, Contributor and Subscriber. Each Role is allowed to perform a set of tasks called Capabilities. There are many Capabilities including publish_posts, moderate_comments, and edit_users. The default Capabilities are pre-assigned to each Role.
The Administrator Role is allowed to perform all possible Capabilities. Each of the other Roles has a decreasing number of allowed Capabilities. For instance, the Subscriber Role has just the read Capability. One particular Role should not be considered to be senior to another Role. Rather, consider that Roles define the user's responsibilities within the blog.
The WordPress Plugin API allows Roles and Capabilities to be added, removed and changed. Since Plugins might change Roles and Capabilities, just the default ones are addressed in this article.
Summary of Roles
- Super Admin - Someone with access to the blog network administration features controlling the entire network (See Create a Network).
- Administrator - Somebody who has access to all the administration features
- Editor - Somebody who can publish and manage posts and pages as well as manage other users' posts, etc.
- Author - Somebody who can publish and manage their own posts
- Contributor - Somebody who can write and manage their posts but not publish them
- Subscriber - Somebody who can only manage their profile
Upon installing WordPress, an Administrator account with all Capabilities is automatically created.
The default role for new users can be set from the Settings General SubPanel.
Roles
A Role defines the set of tasks a user is allowed to perform. For instance, the role of Administrator encompasses every possible task that can be performed within a WordPress blog. On the other hand, the Author role allows the execution of just a small subset of tasks.
The following sections list the default Roles and their Capabilities:
New with 3.0
The documentation needs to be updated to incorporate Multisite, and super admin.
All these capabilities are exclusive to the administrator role.
New with 3.1
Super Admin
-
Administrator
-
Editor
-
Author
-
Contributor
-
Subscriber
-
Capability vs. Role Table
| Capability | Super Admin | Administrator | Editor | Author | Contributor | Subscriber
|
| manage_network | | | | | |
|
| manage_sites | | | | | |
|
| manage_network_users | | | | | |
|
| manage_network_themes | | | | | |
|
| manage_network_options | | | | | |
|
| activate_plugins | | | | | |
|
| add_users | | | | | |
|
| create_users | | | | | |
|
| delete_plugins | | | | | |
|
| delete_themes | | | | | |
|
| delete_users | | | | | |
|
| edit_files | | | | | |
|
| edit_plugins | | | | | |
|
| edit_theme_options | | | | | |
|
| edit_themes | | | | | |
|
| edit_users | | | | | |
|
| export | | | | | |
|
| import | | | | | |
|
| install_plugins | | | | | |
|
| install_themes | | | | | |
|
| list_users | | | | | |
|
| manage_options | | | | | |
|
| promote_users | | | | | |
|
| remove_users | | | | | |
|
| switch_themes | | | | | |
|
| unfiltered_upload | | | | | |
|
| update_core | | | | | |
|
| update_plugins | | | | | |
|
| update_themes | | | | | |
|
| edit_dashboard | | | | | |
|
| moderate_comments | | | | | |
|
| manage_categories | | | | | |
|
| manage_links | | | | | |
|
| unfiltered_html | | | | | |
|
| edit_others_posts | | | | | |
|
| edit_pages | | | | | |
|
| edit_others_pages | | | | | |
|
| edit_published_pages | | | | | |
|
| publish_pages | | | | | |
|
| delete_pages | | | | | |
|
| delete_others_pages | | | | | |
|
| delete_published_pages | | | | | |
|
| delete_others_posts | | | | | |
|
| delete_private_posts | | | | | |
|
| edit_private_posts | | | | | |
|
| read_private_posts | | | | | |
|
| delete_private_pages | | | | | |
|
| edit_private_pages | | | | | |
|
| read_private_pages | | | | | |
|
| edit_published_posts | | | | | |
|
| upload_files | | | | | |
|
| publish_posts | | | | | |
|
| delete_published_posts | | | | | |
|
| edit_posts | | | | | |
|
| delete_posts | | | | | |
|
| read | | | | | |
|
Capabilities
switch_themes
edit_themes
- Since 2.0
- Allows access to Appearance > Theme Editor to edit theme files.
edit_theme_options
install_themes
activate_plugins
edit_plugins
install_plugins
edit_users
edit_files
- Since 2.0
- Note: No longer used.
manage_options
- Since 2.0
- Allows access to Administration Panel options:
- Settings > General
- Settings > Writing
- Settings > Reading
- Settings > Discussion
- Settings > Permalinks
- Settings > Miscellaneous
moderate_comments
- Since 2.0
- Allows users to moderate comments from the Comments SubPanel (although a user needs the edit_posts Capability in order to access this)
manage_categories
manage_links
upload_files
import
unfiltered_html
- Since 2.0
- Allows user to post HTML markup or even JavaScript code in pages, posts, and comments.
- Note: Enabling this option for untrusted users may result in their posting malicious or poorly formatted code.
edit_posts
- Since 2.0
- Allows access to Administration Panel options:
- Posts
- Posts > Add New
- Comments
- Comments > Awaiting Moderation
edit_others_posts
- Since 2.0
- Allows access to Administration Panel options:
- Manage > Comments (Lets user delete and edit every comment, see edit_posts above)
- user can edit other users' posts through function get_others_drafts()
- user can see other users' images in inline-uploading [no? see inline-uploading.php]
- See Exceptions
edit_published_posts
- Since 2.0
- User can edit their published posts. This capability is off by default.
- The core checks the capability edit_posts, but on demand this check is changed to edit_published_posts.
- If you don't want a user to be able edit his published posts, remove this capability. (see also this comment on the Role Manager Plugin Homepage).
publish_posts
- Since 2.0
- See and use the "publish" button when editing their post (otherwise they can only save drafts)
- Can use XML-RPC to publish (otherwise they get a "Sorry, you can not post on this weblog or category.")
edit_pages
read
- Since 2.0
- Allows access to Administration Panel options:
- Used nowhere in the core code except the menu.php
edit_others_pages
edit_published_pages
edit_published_pages
delete_pages
delete_others_pages
delete_published_pages
delete_posts
delete_others_posts
delete_published_posts
delete_private_posts
edit_private_posts
read_private_posts
delete_private_pages
edit_private_pages
read_private_pages
delete_users
create_users
unfiltered_upload
edit_dashboard
update_plugins
delete_plugins
update_core
list_users
remove_users
add_users
promote_users
delete_themes
export
edit_comment
manage_network
- Since 3.0
- Multi-site only
- Allows access to Super Admin menu
- Allows user to upgrade network
manage_sites
- Since 3.0
- Multi-site only
- Allows access to Network Sites menu
- Allows user to add, edit, delete, archive, unarchive, activate, deactivate, spam and unspam new site/blog in the network
manage_network_users
manage_network_themes
manage_network_options
User Levels
Prior to version 2.0, WordPress used a user User Levels system. This was replaced in version 2.0 with the much improved and more extensible Roles and Capabilities system you see today. To maintain backwards compatibility with plugins that still use the user levels system (although this is very much discouraged), the default Roles in WordPress also include Capabilities that correspond to these levels. User Levels were finally deprecated in version 3.0.
| Capability | Administrator | Editor | Author | Contributor | Subscriber
|
| level_10 | | | | |
|
| level_9 | | | | |
|
| level_8 | | | | |
|
| level_7 | | | | |
|
| level_6 | | | | |
|
| level_5 | | | | |
|
| level_4 | | | | |
|
| level_3 | | | | |
|
| level_2 | | | | |
|
| level_1 | | | | |
|
| level_0 | | | | |
|
User Level to Role Conversion
Change Log
- 1.5: User Levels system was introduced.
- 2.0: Roles and Capabilities system was introduced.
- 3.0: User Levels system deprecated.
Resources