Control what users can see and do through connections

  • Each permission corresponds to a user role
  • Each role is allowed to perform a set of actions called capabilities
  • Each role may have one to many capabilities
  • Allows redefining of built-in WordPress user role capabilities
  • You can create as many user roles as you need
  • Connections can create their own user roles and capabilities
Authorization is done through permissions

Permissions help you design authorization rules for your apps through categorizing users to certain roles which can or can not perform predefined actions called capabilities.

Most capabilities are predefined(built-in) by WordPress. WPAS and external apps (through connections) can define additional user roles and capabilities as well.

By enabling or disabling capabilities, you define authorization rules for entities, taxonomies, widgets, forms and views. The built-in WordPress roles can also be modified to support your app's authorization requirements. Unauthorized users see a message customizable per component basis.

As a general rule, if a capability is not assigned to any user role, it is assigned to visitors. Visitors are users who are not registered on your WordPress site.

The following are included in the plans supporting Advanced features
  • Ability to create custom roles
What's next