Make WordPress Core

Opened 17 months ago

Last modified 17 months ago

#57882 new defect (bug)

User that has capability to create user can make only administrator.

Reported by: dangerd512's profile dangerd512 Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 6.1.1
Component: Security Keywords: needs-patch reporter-feedback
Focuses: Cc:

Description

I have user role "Manager" that has capabilities:

add users
create users
delete users
edit users
list users
remove users

That users should be able to create users with different roles except administrators (they doesn't have "promote users" capability)

When manager opens Add new user page he doesn't see dropdown with roles and created user becomes administrator.

Change History (1)

#1 @costdev
17 months ago

  • Keywords reporter-feedback added

Hi @dangerd512, thanks for opening this ticket!

When only these capabilities are given, the Manager role will create users using the New User Default Role set in Settings > General. This might be worth checking on your site.

With the promote_users capability, the Manager will not be able to create a user with the Administrator role, but will be able to select other roles such as Subscriber, Contributor, Author, Editor, and in this case, Manager.

Note: See TracTickets for help on using tickets.