It would be great to give editors the ability to add a group without allowing them access to assign capabilities to groups. This allows them to access admin functionality by assigning an admin capability to a group and then assigning themselves to the group, and we don’t want that 🙂
If when a new group were created:
1. a new capability was automatically create named after the group
2. the capability was automatically added to the group
3. the capability was automatically shown in the Access Restrictions metabox.
then not only would it speed things up generally, but it would mean if a new groups options page Permissions option was added, which gave the selected role permission to add a new group, but nothing else, editors, or any other role, would be able to create groups and choose which content was accessible by which groups. This would mean editors can create as many groups as they like, extremely simply, and without a security risk.
- The topic ‘Automatically, create, assign & enforce read permission for each new group’ is closed to new replies.