WordPress CMS manages different types of information, from simple tags and posts to users and roles. Nothing in WordPress exists in complete isolation and things are related to each other either directly or indirectly. For example, a single post always relates to some category, while category may have another parent category; pages have authors where each author is a WordPress user that has one or more roles assigned; roles have capabilities and even can have parent roles.
Do not think about any WordPress resource (post, page, menu, widget etc) as independent thing. Always keep in mind its relationship to other resources and most importunately what others can or cannot do with it.
Because everything is the WordPress relates to each other in more like hierarchical order, it is naturally to think that all the settings or properties are propagated down the hierarchical tree too. For example a WordPress user typically has one or more parent roles assigned and that is why combined list of role capabilities are automatically inherited by users.
Advanced Access Manager plugin (aka AAM) takes in consideration all the relationships between WordPress resources, users/roles and automatically inherits access settings and properties accordingly. Additionally to this, AAM introduces the concept of “Default” settings that allows the website owner to define default access settings for for all the users, roles and visitors all together.
It would be very impractical to define the same access settings for each WordPress role one-by-one, especially when you have dozens of custom roles. That is why the “Default” access settings can be so handy. For example if you have 15 custom roles that should not have access to manage pages, you can define “Default” access for everybody by restricting access to manage pages and if necessary override (give ability to edit pages) only for some very specific roles or individual users.
So how does settings inheritance work?
Settings inheritance is quite complicated feature to implement, especially when it comes to posts & terms access control. There are so many permutation of possibilities and in some cases they even contradict each other. Luckily AAM does it all for you out-of-box even in free version. Exception is Posts & Terms feature as it is limited in the basic AAM version.
The image below visually shows how user or visitor (for simplicity, moving forward, both will be called “user”) inherits access settings with AAM plugin. Each time “user” interacts with a WordPress website, AAM first checks if current “user” has any explicit settings defined for that particular “user”. If none, then AAM checks if “user” has a parent role and inherits access settings from it. Finally if either “user” does not have parent role or role does not have any access settings defined, then AAM inherits access settings from the “Default” settings.
By default, WordPress CMS does not have ability to define parent roles and the list of roles is linear. With premium AAM Role Hierarchy extension you can create a complex role hierarchy tree.
It gets way more complicated when managing access to the WordPress content like posts, pages, custom post types, categories and custom hierarchical taxonomies. The reason for this is that any page may have a parent page or any post may have one or more parent categories as well as all this typically is changing while more content is created.
This article is designed to give a general introduction to the access settings inheritance so for more detailed information about WordPress content access control, please refer to the How to manage access to the WordPress content article.
Learn more » How to manage access to the WordPress content
WordPress CMS already has well defined concept of users, roles and capabilities. These are very fundamental blocks that AAM plugin uses to give you endless possibilities to manage access to the WordPress website resources on the Frontend, Backend or even API sides.
All the information that WordPress manages is organized in more like hierarchical tree where the top is “Default” settings while the bottom is “user”; and access settings and properties are propagated down the tree unless overwritten. AAM is probably the only plugin that allows to customize access for any individual role, user, visitors or setup default access for everybody all together.