Opened 21 months ago
Closed 3 weeks ago
#57882 closed defect (bug) (invalid)
User that has capability to create user can make only administrator.
Reported by: | dangerd512 | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 6.1.1 |
Component: | Security | Keywords: | needs-patch reporter-feedback |
Focuses: | Cc: |
Description
I have user role "Manager" that has capabilities:
add users
create users
delete users
edit users
list users
remove users
That users should be able to create users with different roles except administrators (they doesn't have "promote users" capability)
When manager opens Add new user page he doesn't see dropdown with roles and created user becomes administrator.
Change History (2)
Note: See
TracTickets for help on using
tickets.
Hi @dangerd512, thanks for opening this ticket!
When only these capabilities are given, the Manager role will create users using the New User Default Role set in
Settings > General
. This might be worth checking on your site.With the
promote_users
capability, the Manager will not be able to create a user with the Administrator role, but will be able to select other roles such as Subscriber, Contributor, Author, Editor, and in this case, Manager.