Introducing Role Scoper for WordPress
Intro to WordPress Roles · Role Scoper Description · Acknowledgements · Download · Usage Guide · News
WordPress: Capabilities, Roles and Wish Lists
Whenever you access a WordPress site, the software considers what you are trying to do: read a post, edit a page, manage categories. Most sites allow you to read posts and pages without logging in. Any other operation you may request is permitted only if your user definition (as identified by login name and password) includes a corresponding capability.
For administrative convenience, WordPress bundles capabilities into collections called roles. By default, these roles are:
Subscriber:
- read published posts and pages
Contributor:
- all Subscriber capabilities
- contribute a post (for review by editor), and edit it before publication
Author:
- all Contributor capabilities
- contribute a post, publish/unpublish/edit it, and moderate its comments
Editor:
- all Author capabilities
- contribute/publish/unpublish/edit any user’s post
- contribute or edit any page
- manage all categories and moderate any comment
- read posts and pages which are marked “private”
Administrator:
- all Editor capabilities
- define users and assign them roles
- configure all site options
This role configuration works well for WordPress’ conventional application as a single-user blog. But what if you want someone to contribute their own pages without editing other’s post or pages? Or maybe some users should edit other’s posts without being able to edit pages at all. The current solution is to use an existing plugin like Role Manager to either redefine “Editor”, or create a cloned “Special Editor” role, moving existing Editors to it as needed. As plugins come on board with additional capabilities, the role permutations increase. This one-role-per-user paradigm makes for simple source code and queries, but as a site shifts from single-user blog to multi-user CMS, role creation / editing is inconvenient for both developer and site administrator.
If you manage to successfully define and assign custom roles for your WordPress CMS, soon you will wonder how to grant reading or editing capabilities for multiple subsets of posts or pages. On your WordPress-powered high school news site, how can you enable someone to post only to the “Sports” category? On your corporate intranet site, can you conveniently enable members of HR to edit existing and future personnel policy pages (but not the engineering best practices pages)? Can you enable someone to create a new page, but specify a subset of “parent” pages it can be linked to? Can all these content-specific roles be administered on a sectional basis, or must someone edit/administer the whole site or nothing?
By default, WordPress doesn’t have a good answer to those CMS dreams, regardless of any custom roles you may define.
Some past and current WordPress plugins (Limit Categories, Category Visibility, Post Levels, Restrict Pages, Disclose Secret, WP-Group-Restriction) have dealt with pieces of this permissions puzzle. Using them, I appreciated a multitude of useful features. Yet as I tried and tried again to combine and configure this plugin assortment to meet all my WordPress CMS aspirations, there was always a missing piece.
Enter Role Scoper
Role Scoper is a comprehensive enrichment for capability enforcement and administration in WordPress. Assign reading, editing or administration roles to users or groups on a page-specific, category-specific or other content-specific basis.
Role Selection Boxes in Edit Post / Page Form (note: for basic usage, this is all you need to deal with):
screen shot: Role Assignment Tabs in Edit Post
screen shot: Role Assignment Tabs in Edit Page
Optionally, define User Groups for subsequent Role Assignment:
screen shot: Edit User Group
Each User’s WordPress role is honored by default, but can be:
- supplemented with content-specific role assignments
- disregarded if the role is restricted for the requested content
screen shot: Scoped Roles in User Profile
Set Category Restrictions to block reading/editing access for users who have a specified WordPress role but no corresponding Role Scoper role (note, post/page restrictions also available):
Assign Category Roles to expand reading or editing access:
^ click to examine Category Roles User Interface (sample html)
Scoped role restrictions and assignments are reflected in every aspect of the WordPress interface, from front end content and navigation to administrative post and comment totals.
Additional features:
- Propagation of Roles or Restrictions to subcategories / child pages
- Default Restrictions, Default Roles and Default Groups automate admin tasks
- Hidden Content Teaser: choose whether unreadable front-end content is hidden or replaced with a customizable teaser
- Role Administration Aides: Post/Page role assignment UI indicates where users have a role implicitly via WP role, category role or group membership. (Made possible by a new role storage schema and users_who_can function).
- Pending Revisions enable Contributors to edit a published post/page, with the change held for review by an administrator update: Pending Revisions are now handled by the Revisionary plugin.
- Internal File Cache limits Role Scoper’s database query overhead
- Attachment Filtering prevents direct file access to your uploaded images/documents if the user can’t view the containing post/page
- Plugin API allows other plugins to define their own data sources, taxonomies, capabilities and content-specific roles
- User Customization of Role Definitions (add or remove applicable capabilities for each content-specific role)
Although Role Scoper’s default configuration is ideal for most sites, its functionality and sphere of influence is highly customizable to match your usage.
^ click to examine Role Scoper Options User Interface (sample html)
Due to its abstract data model and API, Role Scoper can be extended to bring content-specific access control to other plugins which define and check WordPress capabilities. The resulting plugin-specific roles will supplement any other assigned roles; there is no need to merge all capabilities into an all-inclusive role.
Role Scoper has been a stable release since March 2009, with over 200,000 downloads. This plugin is open source software released under the General Public License (GPL). Due to limitations, obligations and non-technical aspirations common to most human beings, I will probably never again donate unpaid plugin development on the scale Role Scoper has required. However, I do plan to provide some free support, correct bugs which emerge and revise the plugin for future WordPress versions. If it adds value to your website or saves you time and money, you can express appreciation in several ways:
- Download Role Scoper and try it out on your WP 3.0+ site. (legacy version for WP 2.7-2.9 also available).
- Add your own vote to Role Scoper’s plugin rating
- Submit technical feedback, including improvement requests.
- Submit a case study, explaining how Role Scoper helps you do something excellent and praiseworthy.
- If the plugin has seriously broadened your CMS horizons,
- If you are a seasoned web developer, grant me your professional opinion on how this work stacks up and how I might best make a sustainable career of it.
- Hire or refer my services to develop or enhance your site - quality care at reasonable rates.
Posted: May 15th, 2008 under News, Role Scoper, WordPress Plugins.
Comments: 396
396 Responses to “Introducing Role Scoper for WordPress”
Pages: [10] 9 8 7 6 5 4 3 2 1 » Show All
Time: February 10, 2012, 12:36 pm
John, your required settings are right in the Edit Page form. All you need to do is check the "Restrict for Page" checkbox in the "Editors" metabox. Then (in the same "Editors" metabox) select the users and/or groups who should edit the page.
If you are also running the Revisionary plugin, you will need to also check the "Restrict for Page" checkbox in the "Contributors" and "Revisors" metaboxes.
Time: February 10, 2012, 12:29 pm
CB, to require admin approval for publication of new posts, just give your users a Contributor role. The Contributor role can be modified (using a role editor such as Capability Manager, Members or User Role Editor) to include the switch_themes capability. But neither WordPress nor any of my plugins provide a way for the theme switch to be moderated.
Time: February 8, 2012, 9:09 am
You can ignore my previous comment, I just managed to disable and remove the plugin. Something seems to have messed with the parent/child relationships between pages though…
I was using get_pages with 'parent' => 18 in various places in my theme (pulling featured images out of child pages), but now that code doesn't work. I now need to alter all those lines to read 'child_of' => 18 instead. Using 'child_of' is quite probably a better way to do this anyway, however I can safely say this never gave any problems before I installed or while I was running RS, only cropped up after it was removed.
Either way, I'll keep digging to try find the true cause of the problem… If I find anything useful I'll post back here. 
Time: February 7, 2012, 5:26 am
Hello there! Like FanaticWeb I also tried installing the plugin and got the same message saying that there was a fatal error. How to fix this? Please help.
Time: February 7, 2012, 5:06 am
Hey Kevin. I've been trying out Role Scoper for a while on a site I'm busy developing. However, now I'm having some issues when I try disable it…
With it enabled, the site responds as normal. But when I disable it, none of the pages finish loading in any browser. Internet Explorer at least gives me a warning about "a script is taking too long to run", however in other browsers (namely Chrome and Firefox) the tab simply stops responding.
To get the site working again, I need to log in using IE, stop whatever script is taking so long, and enable RS again. But this isn't helping me right now since I need to disable it to test something else.
I'm currently running WP 3.2.1 with RS 1.3.50. Any ideas here…?
Time: January 31, 2012, 5:07 pm
Kevin, I am the webmaster for nptrouter.com on which we have used WordPress for a Guide-Blog. Within the blog, we want to have three pages: 1) a welcome page; 2) a Guide-Blog page; 3) a Customers page. We want everyone who visits the website to be able to read all content on all three blog pages and to make comments on all pages. However, we want to establish following permissions that are page specific as far as doing any posting to pages 2) and 3): Page 2): Only admin and designated editors/authors may post to this page. Page 3): Only admin and designated contributors (customers) may post to this page.
We tried to use RS to do this, but can't get it to work the way we want. When we think we have the restrictions and permissions set the way you describe for what we are trying to do, any and all posts by whoever appear on both pages.
Can you please advise us how to set up RS to do what we want?
Time: January 26, 2012, 5:55 pm
Hi there. I want to create a custom role where a blogger can post photos and text content and can choose themes, but where all these changes require admin approval to be published. Is this possible?
Time: January 18, 2012, 5:02 pm
[...] spent a bit of time checking out Role Scoper last night as a potential solution to the age-old "f-locked posts on WordPress" [...]
Time: January 9, 2012, 4:27 pm
Suzanne, that sounds like an PHP "out of memory" error. If so, you will need to either increase your memory limit or deactivate some other plugin(s).
Time: January 5, 2012, 4:14 pm
[...] to the Role Scoper plugin here, the download link is on the page. Role Scoper is a plugin that enables and enhances the [...]
Time: January 1, 2012, 4:09 pm
[...] info: Role-scoper Bookmark on Delicious Recommend on Facebook Tweet about it Bookmark in Browser Tell a [...]
Time: January 1, 2012, 12:40 am
Hi, I have Role Scoper 1.3.27 and recently updated to Wordpress 3.3. When I click "Activate Plugin" on Role Scoper the whole plugins page goes blank and my website goes blank. I have to do a .hold on the plugin in ftp to get the website back again.
I understand a previous web developer put a lot of time into setting up the settings for the Role Scoper we're using, so I'm loathe to just delete it and reinstall…..can you advise on what I should do to get the plugin activated and working again?
Time: December 19, 2011, 3:59 pm
@Mba helsinki: you could user Restrictions > Categories to set a default restriction on the Post Reader role for all categories. Then go to Roles > Categories and give the [WP Contributor] group a Post Reader role for all appropriate categories. Next, enable the Hidden Content Teaser with "excerpt as teaser" option.
Time: December 19, 2011, 3:50 pm
@LT, no, Role Scoper does not alter comment notification settings.
Time: December 14, 2011, 12:21 pm
[...] Introducing Role Scoper for WordPress [...]
Time: November 21, 2011, 10:19 pm
[...] a nice, manageable hierarchy. But it doesn't play nice with another great WordPress plugin, Role Scoper, which is also likely to be installed on large websites. Hooks to the [...]
Time: November 15, 2011, 8:33 pm
Hi there,
With your plugin, does it allow the admin to assign all users to receive comments (via email) by default?
Time: November 11, 2011, 10:15 am
I am working on a collaborative research project, and I would like to share the summaries of contributions (excerpts) with anyone visiting the site, so they can get a gist of the work. But I would like the contributors to be able to view the juicy details (content) of other contributors, and edit their own.
Time: November 3, 2011, 11:12 am
Colin,
Did you open one of the plugin files in an editor or re-upload via ftp? It sounds like you somehow picked up an line break or other whitespace character at the beginning or end of a file. It probably won't matter, but could cause a "headers already sent" error depending on what your other plugins are doing. Try deleting the plugin files and installing a fresh copy.
Time: November 3, 2011, 10:18 am
Paulo,
It sounds like you have some good ideas for customized file upload and display templates. That type of custom template could be developed in conjunction with Role Scoper but it's not something that the plugin provides out of the box.
Time: October 24, 2011, 6:09 pm
Hi there
Thanks for this plugin! I am using your plugin for a while and it's been working great, however I had some issues over the weekend and had deactivated it. Now when I reactivate it I get the following message appearing -
"The plugin generated 1 characters of unexpected output during activation. If you notice “headers already sent” messages, problems with syndication feeds or other issues, try deactivating or removing this plugin."
Is this anything I need to worry about and can I fix it?
Thanks
Colin
Time: October 19, 2011, 9:49 am
Good morning to all!
My name is Paulo Tresena, I live in Brazil and work as a developer.
I am developing a site in WordPress and I need a restricted area for many users, where I would create the same name and password each. Each user would have their own area with their files. The redirection would be done through a form on a given page, which would check the name and the User and send it to their respective area.
Anyway … I indicated that plugin, but found much difficulty and could not find any tutorial that could help me in this case.
It is a very simple thing, but I'm very headache to accomplish.
I ask for urgent help and now, thanks!
Sincerely,
Paulo Tresena paulotresena@gmail.com
Time: October 10, 2011, 9:55 am
jellis00 - I'm going to assume that by "posting on a page", you mean creating subpages of it. That's a two step configuration with Role Scoper:
1. assign the Page Author role via Roles > General
2. assign the Page Associate role for desired parent pages via Roles > Pages (or via Associates metabox in each page edit form)
Time: October 8, 2011, 11:47 pm
Role Scoper doesn't appear to do one of the things I need. I need to control who can post on each page by User Role. All the plug-ins I see (including Role Scope) only let you control who has ACCESS to each page by User Role…not who has POSTING permission on each page by User Role. Does anyone know of a plug-in or how to do this?
Time: October 8, 2011, 6:39 am
[...] Role Scoper – allows different access permissions to be set across the site. We have not implemented this yet, but the plan would be to give out different department logins with permissions only to update only that department's pages [...]
Time: October 7, 2011, 3:46 am
Sweet! I will start tinkering with it now.
Time: October 5, 2011, 5:26 pm
Hi Kevin, Your plugin seems very well made and very capable. I am still learning exactly what it can do and what it is capable of. Thank you for your hard work and shared talents!
What I'm trying to do is this: my site is a classifieds site for a particular city. In almost every case, the classifieds are free for the user to post. But there are certain 'commercial' categories I would like to restrict to only the Administrators.
Is it possible to allow all posts/pages to be seen by everybody, but for the restrictions to be applied JUST to posting in certain categories? I tried to do this but found that those in the restricted group couldn't even see the post categories.
Thanks in advance, Kyler
Time: October 5, 2011, 12:36 am
Chan,
Yes, it sounds like the Hidden Content Teaser is what you need. Set it to one of the excerpt modes (adjustable for each post type). By default, private post visibility will also cause this teaser display, but can be configured to completely hide the posts if you prefer.
Time: October 4, 2011, 9:27 pm
listweb,
Just go to Roles > Category and assign a Post Editor role to the [WP Contributor] group for the "wiki" category.
Time: October 3, 2011, 6:24 am
I stumbled across your plugin, and it sounds like it will take care of a wishlist feature I've been craving, and much more. However, I want to ask the basic question first:
I would like for all my posts to show to everybody on the home page, search results, etc, with the title and excerpt. When they view the actual post, I would like the content viewable by certain groups, like admins and contributors, but only the excerpt to everyone else.
I am working on a collaborative research project, and I would like to share the summaries of contributions (excerpts) with anyone visiting the site, so they can get a gist of the work. But I would like the contributors to be able to view the juicy details (content) of other contributors, and edit their own. So, anyone visiting the site can learn that contributor Bob has "submitted my interesting weekend results" on tuesday, but other contributors can view the actual data from the results. I don't want to hide post altogether from random visitors, the way a "private" post would. I would like them to get an edited view of our work in progress, which could be typed up in an excerpt. And the collaborating team members can still easily view the full details of each others' submissions, just by logging in.
Is this what the teaser feature will allow me to do? Create a post that has full content for some groups, but a teaser view for the rest?
Time: September 22, 2011, 10:23 pm
Hello, I wonder how do all contributors can edit the post if the post is in category "wiki".
I've tried to use the plugin "Role Scope" but without success =(
Any idea?
Thanks!
Time: September 8, 2011, 8:21 am
WOW this plugin is beyond anything else I have seen, it actually recognised the custom posts of my theme, the installation was smooth, left everything at its default state, but for some weird reason, only ONE section of my blog was giving me 404 errors:
I'm using a classified theme (custom posts), in the main navigation menu, there's a Dropdown for Categories to browse through, and no matter what category I choose, i get a 404 error, yet all the other pages are fine.
I thought maybe its a permalink issue, went back and resaved the permalinks, to no avail, I then uninstalled RS just to isolate the issue and indeed, RS caused my main categories pages to be mislinked, why did it even target that page and nothing else??
Time: September 8, 2011, 1:26 am
@Kevin, glad you pointed it out (Duhh @ me) gonna try the Role Scoper instead thats for sure, thank you.
Time: September 7, 2011, 7:35 am
FanaticWeb: wrong plugin. That file path is for the Members plugin.
Time: September 7, 2011, 6:24 am
Hi there, I just tried installing the plugin and got this error when I treid activating it: Fatal error: Call to undefined function submit_button() in /wp-content/plugins/members/admin/roles-list-table.php on line 91 When I cross reference line 91 in that php file, I see this one:
Where is the error exactly? Anyone else had a similar issue?
Pages: [10] 9 8 7 6 5 4 3 2 1 » Show All
Time: February 10, 2012, 12:40 pm
Philip, what exactly was your fatal error? Fanatic's was for a different plugin.