[wp-trac] [WordPress Trac] #46716: Site owner unable to control admin level users in Word Press dashboard
WordPress Trac
noreply at wordpress.org
Fri Mar 29 12:25:21 UTC 2019
#46716: Site owner unable to control admin level users in Word Press dashboard
-----------------------------+-----------------------------
Reporter: anu24 | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Role/Capability | Version:
Severity: critical | Keywords:
Focuses: |
-----------------------------+-----------------------------
Issue details:
I just created my website using WordPress. I am not a web developer and
wordpress dashboard is pretty native and lacks default functionalities
like giving sub headings in your page or blog ( editor should at least be
as good as MS Word).
Also I can create new page under parent page but can't view their title
under parent page in menu after publishing the page.( expected behavior)
So I need to take help of a web developer to get proper page templates,
theme, plugin etc. I created a second administrator in my site to give
access to a web dev to my site dashboard.
Now I ( site owner ) and the web developer have equal rights in the site.
the Web developer can even change my password or delete me as an
administrator, or log me out!!
How can wordpress allow that? There are plug ins which give different User
roles but this is a core capability to add, edit or delete users including
site owner. Plugins can be removed by an admin user so not useful to
protect rights of site owner if he/she has to create other admins. If I do
not give admin rights to web developer, he can not add
templates/plugins/theme so I have to give admin rights..
Expected Behavior:
To make wordpress websites secure, the site owner should have Master admin
rights.
Site owner should be able to add or remove other admins but other admins
should not be able to view - site owner( master admin) among list of
users. other admins should not be able to view, edit or delete any details
of Master admin profile.
Also Publishing rights should be restricted to not allow every user to
publish anything they write/change.
in fact there should be check box for different capabilities while
creating users:
1. User Management (All- master admin)
2. User management ( all but not master admin)
3. Developer capabilities ( templates, plug ins, coding )
4. Read, write, edit posts (self only- Jr. blog writer)
5. Read, write, edit, publish posts (self only- blog writer)
5. Read, write, edit, publish posts ( all contributors- editor)
6. Read write,edit, publish, delete posts, review publish comments ( all
contributors- Sr.editor)
Additional improvements:
Today most blog sites have basic editing features which make them more
user friendly for nontechnical bloggers. WordPress try to keep everything
simple and is great for developers but please think from beginners'
perspective and add basic capabilities to page editor. Also add menu
editor or create core functionality to automatically add child page under
parent page in main menu.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/46716>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list