Introducing Role Scoper for WordPress
Intro to WordPress Roles · Role Scoper Description · Acknowledgements · Download · Usage Guide · News
WordPress: Capabilities, Roles and Wish Lists
Whenever you access a WordPress site, the software considers what you are trying to do: read a post, edit a page, manage categories. Most sites allow you to read posts and pages without logging in. Any other operation you may request is permitted only if your user definition (as identified by login name and password) includes a corresponding capability.
For administrative convenience, WordPress bundles capabilities into collections called roles. By default, these roles are:
Subscriber:
- read published posts and pages
Contributor:
- all Subscriber capabilities
- contribute a post (for review by editor), and edit it before publication
Author:
- all Contributor capabilities
- contribute a post, publish/unpublish/edit it, and moderate its comments
Editor:
- all Author capabilities
- contribute/publish/unpublish/edit any user’s post
- contribute or edit any page
- manage all categories and moderate any comment
- read posts and pages which are marked “private”
Administrator:
- all Editor capabilities
- define users and assign them roles
- configure all site options
This role configuration works well for WordPress’ conventional application as a single-user blog. But what if you want someone to contribute their own pages without editing other’s post or pages? Or maybe some users should edit other’s posts without being able to edit pages at all. The current solution is to use an existing plugin like Role Manager to either redefine “Editor”, or create a cloned “Special Editor” role, moving existing Editors to it as needed. As plugins come on board with additional capabilities, the role permutations increase. This one-role-per-user paradigm makes for simple source code and queries, but as a site shifts from single-user blog to multi-user CMS, role creation / editing is inconvenient for both developer and site administrator.
If you manage to successfully define and assign custom roles for your WordPress CMS, soon you will wonder how to grant reading or editing capabilities for multiple subsets of posts or pages. On your WordPress-powered high school news site, how can you enable someone to post only to the “Sports” category? On your corporate intranet site, can you conveniently enable members of HR to edit existing and future personnel policy pages (but not the engineering best practices pages)? Can you enable someone to create a new page, but specify a subset of “parent” pages it can be linked to? Can all these content-specific roles be administered on a sectional basis, or must someone edit/administer the whole site or nothing?
By default, WordPress doesn’t have a good answer to those CMS dreams, regardless of any custom roles you may define.
Some past and current WordPress plugins (Limit Categories, Category Visibility, Post Levels, Restrict Pages, Disclose Secret, WP-Group-Restriction) have dealt with pieces of this permissions puzzle. Using them, I appreciated a multitude of useful features. Yet as I tried and tried again to combine and configure this plugin assortment to meet all my WordPress CMS aspirations, there was always a missing piece.
Enter Role Scoper
Role Scoper is a comprehensive enrichment for capability enforcement and administration in WordPress. Assign reading, editing or administration roles to users or groups on a page-specific, category-specific or other content-specific basis.
Role Selection Boxes in Edit Post / Page Form (note: for basic usage, this is all you need to deal with):
screen shot: Role Assignment Tabs in Edit Post
screen shot: Role Assignment Tabs in Edit Page
Optionally, define User Groups for subsequent Role Assignment:
screen shot: Edit User Group
Each User’s WordPress role is honored by default, but can be:
- supplemented with content-specific role assignments
- disregarded if the role is restricted for the requested content
screen shot: Scoped Roles in User Profile
Set Category Restrictions to block reading/editing access for users who have a specified WordPress role but no corresponding Role Scoper role (note, post/page restrictions also available):
Assign Category Roles to expand reading or editing access:
^ click to examine Category Roles User Interface (sample html)
Scoped role restrictions and assignments are reflected in every aspect of the WordPress interface, from front end content and navigation to administrative post and comment totals.
Additional features:
- Propagation of Roles or Restrictions to subcategories / child pages
- Default Restrictions, Default Roles and Default Groups automate admin tasks
- Hidden Content Teaser: choose whether unreadable front-end content is hidden or replaced with a customizable teaser
- Role Administration Aides: Post/Page role assignment UI indicates where users have a role implicitly via WP role, category role or group membership. (Made possible by a new role storage schema and users_who_can function).
- Pending Revisions enable Contributors to edit a published post/page, with the change held for review by an administrator update: Pending Revisions are now handled by the Revisionary plugin.
- Internal File Cache limits Role Scoper’s database query overhead
- Attachment Filtering prevents direct file access to your uploaded images/documents if the user can’t view the containing post/page
- Plugin API allows other plugins to define their own data sources, taxonomies, capabilities and content-specific roles
- User Customization of Role Definitions (add or remove applicable capabilities for each content-specific role)
Although Role Scoper’s default configuration is ideal for most sites, its functionality and sphere of influence is highly customizable to match your usage.
^ click to examine Role Scoper Options User Interface (sample html)
Due to its abstract data model and API, Role Scoper can be extended to bring content-specific access control to other plugins which define and check WordPress capabilities. The resulting plugin-specific roles will supplement any other assigned roles; there is no need to merge all capabilities into an all-inclusive role.
Role Scoper has been a stable release since March 2009, with over 200,000 downloads. This plugin is open source software released under the General Public License (GPL). Due to limitations, obligations and non-technical aspirations common to most human beings, I will probably never again donate unpaid plugin development on the scale Role Scoper has required. However, I do plan to provide some free support, correct bugs which emerge and revise the plugin for future WordPress versions. If it adds value to your website or saves you time and money, you can express appreciation in several ways:
- Download Role Scoper and try it out on your WP 3.0+ site. (legacy version for WP 2.7-2.9 also available).
- Add your own vote to Role Scoper’s plugin rating
- Submit technical feedback, including improvement requests.
- Submit a case study, explaining how Role Scoper helps you do something excellent and praiseworthy.
- If the plugin has seriously broadened your CMS horizons,
- If you are a seasoned web developer, grant me your professional opinion on how this work stacks up and how I might best make a sustainable career of it.
- Hire or refer my services to develop or enhance your site - quality care at reasonable rates.
Posted: May 15th, 2008 under News, Role Scoper, WordPress Plugins.
Comments: 428
428 Responses to “Introducing Role Scoper for WordPress”
Pages: [11] 10 9 8 7 6 5 4 3 2 1 » Show All
Time: March 24, 2013, 5:27 pm
Interesting and quite elaborate. I really was looking for a plugin like this. Please consider that the italian traslation is incorrect and quite misleading. I had to disable it in order to undersand it all. Thanks for this plugin!
Time: January 15, 2013, 5:25 am
Hello! Thanks for your plugin. I have any problems. 1. I configurated the Restrictions for users: categories-> restricted. With the categories the role scoper work well, but with the pages does not work. I need that any users can read, modify a page and they can "sent to editor for revision". Too i need that the editors can "to autorize" this page and he can publish it. How can i restrict the pages? May i create pages parents? Or how can i to do it? When i restricted i have restricted "the new pages", the users colaborators can not add new pages.
Time: January 9, 2013, 10:16 pm
Thanks for the very useful plugin! To show my appreciation for all your work I have just left a donation for you.
Thanks again! Paul.
Time: December 11, 2012, 11:04 pm
[...] Scoper Role Scoper is a comprehensive enrichment for access control in WordPress, giving you CMS-like control of [...]
Time: November 19, 2012, 11:08 am
[...] Reworked from the previous version of Role Manager Plugin is written by David House and Owen Winkler. This plugin allows you to control roles and access for different authors on your blog. Similar plugins: Role Scoper [...]
Time: September 24, 2012, 12:42 pm
This plugin looks like it contributes significantly to membership management!
I am looking for a way to allow one member group to make post comments, while disallowing another group from doing so. Is this level of control possible with Role Scoper?
Time: September 15, 2012, 8:12 pm
I figured it out: Had nothing to do with Role Scoper; it was just deactivated. To see those fields (and others), just click Screen Options at the top right corner of the post page.
Time: September 14, 2012, 1:12 pm
Hello, one of my editors cannot access the excerpt box in posts. She can post, edit, update others, etc., and has pretty much everything else she needs. What permission controls the excerpt box?
Time: September 3, 2012, 3:06 pm
i never knew how to manage roles until i found this post. thanks.
Time: August 23, 2012, 5:01 pm
I just want to let a user be able to edit one specific page that is assigned to them and absolutely nothing else. Is this possible with this plugin or is their a simpler approach (this seems overkill for the one feature I am looking for). Thanks!
Time: August 20, 2012, 3:17 pm
Hi! I love this plugin, thank you! I have a quick question - I want to display the role name in use on my wordpress front end, for example: "welcome, kate (role: custom-role-name)" I can retrieve the standard wordpress roles, but not for custom roles. Any tips on how to expose the custom role name to the blog UI? Many thanks! Kate
Time: August 8, 2012, 7:13 am
http://wordpress.org/support/topic/role-scoper-vs-search-engines-bug Cuz the topic was close even when i totally disagree with the moderator opinion. Actually it was closed while i was adding a comment, so just to thank you again the help and time you spent on my prob. Please apologize if i cause you any inconvenience during our discussion. As i keep writing GREAT GREAT plugin and thanks for your effort on helping others to get a perfect websites.
Time: August 6, 2012, 7:33 am
Thanks for the reply Kevin, great plugin and great support, thanks Could you take a look to the link you pasted, cuz i am trying to "solve" the issue my site has, and until it is not complete i am not allowed to 2launch" in the web.
Time: August 4, 2012, 2:22 am
Role Scoper 1.3.56 adds PHP 5.4 compatibility.
Time: August 3, 2012, 9:55 am
Luis and pocoto,
http://wordpress.org/support/topic/role-scoper-vs-search-engines-bug?replies=4
Time: August 3, 2012, 8:32 am
By the way my site is faceing the same problem pocoto relates, some kinda categories restriction inconsistance. Instead of the restriction being the leader, are the permissions.
Time: August 3, 2012, 8:30 am
Yes Kevin you are perfect right. The problem with the search unleashed plugin is that it really does not care in the role restrictions/premissions. With relevansi v 2.9.XX works perfectly.
Time: August 1, 2012, 12:57 pm
The issue mentioned by Luis is a conflict with a search plugin I am not currently supporting. The Relevanssi plugin is supported (last tested with Relevanssi 2.9.15).
Time: July 21, 2012, 8:12 am
Will you be updating to be compatible with PHP 5.4?
Time: July 16, 2012, 6:19 am
Hi, the reason of this message is just to communicate a bug in the plugin i am hardly suffering. If a post is assigned to two categories and a user has read permission to one of them (and not to the other category), the user is still being allowed to read the post. it is supposed it has to be blocked isnt it? because there is a category which is not assgined to him with the read permission. how can i fix it? thanks in advanced
Time: June 25, 2012, 11:21 am
@miral, umm, all users have "Page Reader", so you did not restrict anything. See the "WP Roles" tab of the Optional panel, and then choose a less common right.
Hello, I've been using Role Scoper successfully for some time. I recently created some custom types and therefore had to adjust some realm settings. I noticed that Categories was checked, despite this not being something I was restricting with Role Scoper, so I unchecked it. Unfortunately, when categories is excluded form scoped realms, many of my categories become invisible. Any thoughts on how to fix that? It would be unfortunate to lose all of that heirarchical information if we ever had to remove Role Scope or upgrade to Press Permit.
Thanks!
Time: June 18, 2012, 10:03 am
Hi f.o.a. great plugin probably the best i found for wordpress letting the administrator take control of everything in the site. But i found a really big BUG, if a user use the search engine all the restricctions are not kept. so any idea how to solve it, i mean, avoiding users to read some post if they are not in the adequate group whether or not they are using the search engine? Thanks
Time: June 7, 2012, 6:31 am
[...] Role Scoper Plugin for WordPress | Agapetry. This entry was posted in user control by admin. Bookmark the permalink. Proudly powered by WordPress var sc_project=7590968; var sc_invisible=1; var sc_security="f810eb58″; [...]
Time: May 19, 2012, 12:01 pm
[...] Role Scoper [...]
Time: May 15, 2012, 2:59 pm
Hello Miral
Assigning a default Page Role grants additional access to the corresponding users for all subsequently created pages. It does not remove any editing access the user already has. If you set a default Page Restriction on the Page Contributor, Page Author and Page Editor roles, only pages for which a role is explicitly assigned will be editable.
The other alternative is simply to remove the editing capabilities from their WP role.
Time: May 15, 2012, 12:57 am
[...] Download Role Scoper is a comprehensive enrichment for access control in WordPress, giving you CMS-like control of permissions. [...]
Time: May 14, 2012, 2:13 pm
Hi Kevin!
Great plugin! Jen Z recommended it.
I'm trying to restrict page and post edit access for all my users except admin.
I installed the plugin.
I went Restrictions -> Pages and made Page Reader the default role for all pages. However, every user type are still able to edit the pagess and posts.
Am i missing something?
Thanks! Miral
Pages: [11] 10 9 8 7 6 5 4 3 2 1 » Show All
Time: May 9, 2013, 2:19 pm
Hi. This is the perfect plugin for what my client needs, but I have one problem…
I have one Post Category which has no restrictions on it because I wish it to be for public viewing, yet I cannot view it if I am logged out or by the public.
It is its own category, not a sub-category.
I have followed these instruction on the Usage Guide, to no avail: —– Granting Read Access by Post Category
Go to WP Admin -> Roles -> Category Scroll down to your category of interest, perhaps using the scroll link at top Select the roles you would like to assign Scroll to the top Select users and/or groups to assign selected roles Note that the adjacent dropdown indicates that the Update action will cause the selected roles to be assigned for posts in the selected section. If you want the same role to also be assigned for all current and future subcategories, change the dropdown to “assign for selected and sub-categories”. Click the Update button —-
Trying to figure out how to do this.
Thank you.