- This topic has 3 replies, 3 voices, and was last updated 10 years ago by
.
-
Posts
-
Perhaps I am misunderstanding the description of this new ability, but why would a site administrator want someone with lesser permissions to be able to give someone else greater permissions than they the giver has…?
And beyond that what would prevent someone from having two different user logins without anyone knowing, and give themselves permissions all the way up to and including all the permissions of an Administrator…?
Hi John,
“why would a site administrator want someone with lesser permissions to be able to give someone else greater permissions than they the giver has…?” is a very good question and that’s exactly why this new feature is required. The default functionality of WordPress allows any user with promote_users capability to promote any user to any role including Administrator. For example if Subscribers get promote_users capability, they can promote themselves to Administrators. This new feature allows you to limit that capability so that they cannot promote anyone to a higher level.
I really don’t think an Administrator will create a public website where anyone can register and promote themselves to Administrator. I would never create an account in such a website, because I don’t want others to steal my information. For example anyone can create an account in wpfront.com by purchasing the product but they cannot promote themselves to Administrator. But if I want a user to have the permission to manage a few other users I can easily do that with this new feature.
Thanks
Syam
- The topic ‘New update, User Level Permissions…’ is closed to new replies.