IN THIS CHAPTER
Looking at WordPress roles and capabilities
Using the Role Manager plugin
WordPress has its own authentication system. It is organized in a series of permissions, called Capabilities, which are subsequently bundled into groups that are called Roles.
This chapter assesses the out-of-the-box Capabilities and Roles that WordPress provides, and presents an overview of how you might use or modify these Roles in an editorial or development workflow.
The WordPress Role and Capability system is due for an overhaul — something that seems to be on track for a WordPress 3.0 release.
The core of the WordPress permission and authentication system is Capabilities. The WordPress application programming interface (API) and internal permission structure that allows or disallows access to portions of the system uses Capabilities. For example, the
delete_page capability is, as expected, used to determine whether an authenticated user has the permission to delete a page.
By default, the main user of a WordPress blog (usually with the username admin) is the Administrator. If you have other users, you can set their respective roles when you create their logins (see Figure 19.1), or on their user profile (see Figure 19.2). If you allow anyone to sign up for an account, you can set the default role on the General Settings page.
Figure 19.1. When creating users manually, you can designate the ...