[wp-trac] [WordPress Trac] #52246: A lower user role user (editor) can assign the post author to a higher user role user (administrator)
WordPress Trac
noreply at wordpress.org
Fri Jan 8 12:56:32 UTC 2021
#52246: A lower user role user (editor) can assign the post author to a higher user
role user (administrator)
--------------------------+-----------------------------
Reporter: ninetyninew | Owner: (none)
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Users | Version: 5.6
Severity: normal | Resolution: invalid
Keywords: | Focuses: administration
--------------------------+-----------------------------
Changes (by johnbillion):
* status: new => closed
* resolution: => invalid
* milestone: Awaiting Review =>
Comment:
Thanks for the report @ninetyninew . This is indeed expected behaviour.
There is no inherent hierarchy between user roles in WordPress, even
though by default it can seem that way. Both the Editor role and the
Administrator role have the ability to assign any other user as the author
of a post, and this is allowed regardless of the role of the user being
assigned.
Similarly, Editors can edit posts, pages, attachments, and comments that
are published by a Administrator. This is expected.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52246#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list