Skip to main content

Demystifying the "User Level Filter" service

Vasyl MartyniukUsers, Roles & CapabilitiesAbout 2 min

Deprecated!

This service was deprecated in AAM 6.9.28 version in favor of "Users & Roles Governance" service. For more information, refer to this article.

WordPress, a popular content management system, offers extensive user and role management capabilities to website administrators. However, there are situations where administrators need more control over who can access and manage user roles and permissions. The Advanced Access Manager (AAM) "User Level Filter" service provides a unique solution to address this need. In this article, we will explore the functionality of the "User Level Filter" service, how it works, and when it can be beneficial for WordPress website administrators.

Understanding the service

The "User Level Filter" service is a feature provided by the Advanced Access Manager (AAM) plugin. It is designed to enhance the native WordPress user and role management system by restricting users with lower authority levels from viewing or managing users and roles with higher authority levels. This functionality ensures that sensitive user data and critical role permissions remain protected.

Enabling the service

By default, the "User Level Filter" service is disabled within the AAM plugin. However, website administrators can easily enable it by navigating to the AAM "Settings" page and selecting the "Services" tab. Once enabled, the service immediately begins filtering roles and users based on the current user's authority level.

AAM User Level Filter Settings

Understanding user levels

To comprehend how the "User Level Filter" service functions, it's essential to understand the concept of "user levels" in WordPress. Historically, WordPress used ten system capabilities, identified as level_0, level_1, up to level_10, to determine user privileges. Higher-level capabilities granted users more extensive access and control. Although these capabilities have been largely replaced by WordPress roles today, they can still be used to gauge the relative superiority of roles.

For example, the WordPress core role "Editor" is associated with the level_7 capability, indicating a higher level of authority, while the "Contributor" role only has the level_1 capability, signifying limited privileges. AAM leverages this basic concept to assess the privilege levels of roles and users and hide them from users with lower authority levels.

Practical scenario

One common scenario where the "User Level Filter" service proves invaluable is when a website administrator delegates user management responsibilities to sub-administrators but wishes to prevent these sub-administrators from altering or deleting the primary administrator's account. In such cases, a custom role, such as "sub-admin," can be created. This custom role inherits all the capabilities of an administrator but is assigned a lower level_9 capability, effectively limiting its authority.

AAM Power User Capabilities

Conclusion

The AAM "User Level Filter" service offers a powerful solution for fine-tuning user and role management in WordPress. By restricting access to roles and users based on their authority levels, administrators can maintain control over critical accounts and sensitive permissions. Whether you are managing a complex WordPress website with multiple user roles or simply looking to enhance security, the "User Level Filter" service can be a valuable addition to your toolkit.