Sometimes there is a need to give access for other, none-administrator users to manage access to certain website resources likes posts and pages, metaboxes and widgets or API endpoints. You also do not necessarily what to give too many privileges like changing capabilities or creating new roles. That is AAM gives you flexibility to define very granular access also to the AAM page and its features.
Prior to AAM v4.7, most of the access management to AAM functionality could be accomplished with ConfigPress configurations however I figured that it probably will be a little bit more transparent and intuitive if access control to AAM features can be accomplished with few custom capabilities.
By default, access to AAM functionality is granted only for users that have administrator capability (technically only users with the Administrator role) but in order for other none-administrator users to use AAM features, you can redefine this behavior with few simple steps.
Step 1. Redefine capability to AAM page itself.
The first step is to redefine the default access capability. Create custom capability aam_manager. Go to the Capabilities tab and on the top right corner hit + Create button. From this point only users with aam_manager capability checked, will have access to the AAM functionality. The aam_manager capability is enough to grand access to almost all functionality with few exceptions that we will mention below.
Note! Make sure that you do not misspell aam_manager capability. “R” in the end!
Step 2. Manage access to AAM features.
The next step is to define what actually user can do within AAM page and below is the list of all available capabilities with detailed description. Keep in mind that majority of AAM features are designed to manage settings for specific role, user, visitors or to everybody all together (Default settings). That is why you also have to make sure that when you grand access to specific AAM features, you also allow user to manage either list of roles with aam_manage_roles capability; manage users with aam_manage_users capability; manage visitors with aam_manage_visitors capability.
It is strongly discouraged to give ability for other users to manage Default access settings as they will affect your administrator user too. However if you really need to do that, make sure that your desired user has aam_manage_default capability.
Please note! AAM has integrated users/roles filtering that is based on user levels so you should not worry that user with lower user level will be able to manager users and roles with higher user level. For more information about this feature please refer to the WordPress Users and Roles Filter article.
List of customer capabilities
Below is the complete list of capabilities that are currently supported by AAM core however please do not hesitate to contact me directly if you have any questions of need more flexibility with additional capabilities.
Grant access to the Admin Menu feature
Grant access to the Admin Toolbar feature
Grant access to the Metaboxes & Widgets feature
Grant access to the Capabilities feature. Note! It is most likely you would not want to give access to this feature
Grant access to the Posts & Pages feature
Grant access to the API Routes feature
Grant access to the Access Denied Redirect feature
Grant access to the Login Redirect feature
Grant access to the Logout Redirect feature
Grant access to the 404 Redirect feature. This feature is available only on the Default level for all users, roles and visitors.
Grant access to the Settings feature
Grant access to the Extensions feature
Grant access to manage IP Check. Available only with premium IP Check extension
Show AAM Notification Panel if any reported
Allows user to see and manager the list of roles
Allow user to see and manager the list of users.
Allow user to manage access for visitors
Allow user to manage default access to all users, roles and visitors. Note! It is not recommended to give access to this functionality as it may affect administrators
Allow user to create a new role
Allows user to edit existing roles
Allow user to delete existing roles. Note! By default, AAM does not allow to delete any existing role that has one or more users assigned to it
Allow user to lock/unlock other users
Allow user to switch to other user
Advanced Access Manager probably the only plugin that allows you to manage access to its interface. Typically you get all or nothing however with AAM you have flexibility to delegate some of the access management routines to other users without giving them administrator privileges.