Skip to main content

About role hierarchy and when to use it

Vasyl MartyniukUsers, Roles & CapabilitiesAbout 2 min

Large-scale WordPress projects are rarely straightforward when it comes to access management. They demand meticulous strategic planning and a well-organized system of access controls. The WordPress roles and capabilities system plays a pivotal role in this process. However, managing a multitude of custom roles independently can become increasingly challenging over time, leading to errors and eventually compromising access controls.

In this article, we explore a solution to this dilemma: establishing a clear role hierarchy where parent roles enforce specific access controls, and child roles inherit them. While WordPress core lacks the built-in capability to create role hierarchies, we can bridge this gap with the assistance of the AAM premium Complete Package add-on.

The Role Hierarchy Concept

The "Complete Package" add-on introduces the concept of a role hierarchy, allowing you to designate a parent role for any existing role. With this feature, access controls from the parent role automatically cascade down to the child roles, simplifying access management in large-scale WordPress projects.

AAM Select Parent Role

Common Use Case

A typical scenario where the role hierarchy feature proves invaluable is when you need to define a group of roles with shared responsibilities but slightly varying access controls. Let's consider an example: managing a team of content editors divided by geographical regions. Editors from the United States should have access only to content relevant to the US, while their counterparts in the United Kingdom should handle content exclusive to the UK. To distinguish between these regions, each post is tagged with either US or UK post tags.

Both roles, "US Editor" and "UK Editor," share the same capabilities, but they require different access controls for content management. Here, you can designate the "Editor" role as the parent role for these two custom roles, defining all the necessary access controls within the "Editor" role and fine-tuning access for each specific role separately.

Implementation Steps

To implement this role hierarchy system, follow these steps:

  • Configure the Editor Role. Begin by managing the "Editor" role and set default access controls for the "Posts" post type. You can restrict access to actions like EDIT, PUBLISH, or DELETE for all posts.

  • Create Custom Roles. Create the custom roles "US Editor" and "UK Editor" while inheriting capabilities from the "Editor" role. Make sure to designate the "Editor" role as the parent role.

  • Override Access Controls. Navigate to the "Posts & Terms" tab and override the inherited access controls for the US tag by allowing actions like EDIT, PUBLISH, and DELETE for this specific tag. Repeat this step for the "UK Editor" role, customizing access controls for the UK tag.

Benefits of the Role Hierarchy

By implementing this role hierarchy system, you streamline access control management in your large-scale WordPress project. If future adjustments are needed for both UK and US editors, you can make those changes once at the "Editor" role level, ensuring consistent access controls across the board.

Conclusion

In large-scale WordPress projects, maintaining access controls for numerous custom roles can be daunting. However, by implementing a role hierarchy with the "Complete Package" add-on from AAM premium, you can simplify access management, reduce errors, and ensure a more robust security posture. This approach not only saves time but also enhances the efficiency and reliability of your WordPress project's access control system.