Make WordPress Core

Opened 21 months ago

Closed 3 weeks ago

#57882 closed defect (bug) (invalid)

User that has capability to create user can make only administrator.

Reported by: dangerd512's profile dangerd512 Owned by:
Milestone: Priority: normal
Severity: normal Version: 6.1.1
Component: Security Keywords: needs-patch reporter-feedback
Focuses: Cc:

Description

I have user role "Manager" that has capabilities:

add users
create users
delete users
edit users
list users
remove users

That users should be able to create users with different roles except administrators (they doesn't have "promote users" capability)

When manager opens Add new user page he doesn't see dropdown with roles and created user becomes administrator.

Change History (2)

#1 @costdev
21 months ago

  • Keywords reporter-feedback added

Hi @dangerd512, thanks for opening this ticket!

When only these capabilities are given, the Manager role will create users using the New User Default Role set in Settings > General. This might be worth checking on your site.

With the promote_users capability, the Manager will not be able to create a user with the Administrator role, but will be able to select other roles such as Subscriber, Contributor, Author, Editor, and in this case, Manager.

#2 @johnbillion
3 weeks ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

Closing this off as per the above. Cheers!

See also #43936.

Note: See TracTickets for help on using tickets.