The default WordPress installation comes with predefined Administrator, Editor, Author, Contributor and Subscriber roles. There is no clear definition of which role is “more powerful” or “higher” because it is based on the list of capabilities assigned to them.
The common assumption is that the role with more capabilities is more powerful however it is not accurate because “power” is very subjective and vary based on the situation. For example, for some websites, user with ability to manage online orders is more powerful than user that can manage posts and pages; or user that can delete uploads is less powerful than user with ability to create new users. It is up to a website owner to define what role is more or less powerful based on the website purpose.
When there is a need to define role levels (which role is higher or lower), we suggest to utilize level_0 to level_10 core capabilities and the role with higher level_X capability can be considered as more “powerful” role. AAM core will automatically filter out users and roles with higher level and will block any attempts for users with lower level to manage users with higher level.
WordPress website can have unlimited number of roles however there are no core features that allow to create new or manage existing role. You can learn how to manage role with AAM from How to manage WordPress roles article.
Each role in the WordPress core is defined by 3 attributes: internal slug, role name and list of capabilities.
While internal slug is something that you should not worry about because it is automatically generated based on the role name, the list of capabilities is very important part as it defines what the role is capable of doing. Role without a single capability is useless because any user assigned to this role will have no rights to do anything within a website.
The list of roles is stored in the wp_options database table as wp_user_roles option. The wp_ prefix is the default WordPress database table prefix and may vary depending on global $table_prefix variable that is defined is the main wp-config.php file. The stored list is a serialized associated array where the element key is an internal slug and the element value is another array with role name and list of capabilities.Array ( [administrator] => Array ( [name] => Administrator [capabilities] => Array ( [switch_themes] => 1 [edit_themes] => 1 ... ) ) [editor] => Array ( ... ) [...] )
It is not recommended to modify the raw list of roles manually and instead use provided by the WordPress core function:
WordPress list of role is linear and you can not create complex role hierarchy where child role inherits properties from its parent. This is something that can be accomplished with Role Hierarchy extension.