Access restrictions can be enabled or disabled for standard post types Post, Page and Media and also for any custom post types. In the example below, we can see that access restrictions are enabled for all standard post types as well as Products from WooCommerce, Topics from Groups Forums and Stories from Groups Newsletters.
An important note on WordPress attachments, which appear as the Media post type in these options: although Groups will protect the attachment page itself, the actual resource, such as an image or PDF file, is not protected due to technical limitations. This means that although the attachment page will not be accessible to unauthorized visitors, anyone who knows the direct URL to the media file itself can still access it. Instead, the Groups File Access extension provides an efficient solution for protecting direct access to files.
Groups can be shown in user profiles. Users who can Administer Groups can edit group memberships of other users on their profile pages. Also, with this option enabled, users can see to which groups they belong.
The tree view adds a Tree menu item to the Groups menu and provides a screen that shows the current group hierarchy.
Here’s an example:
This section is only intended to grant administrative access on Groups management functions to privileged roles.
Caution! Do not assign permissions arbitrarily to roles other than the Administrator role, as doing so can create serious security risks.
For each role, these permissions can be set:
- Access Groups: This permission allows users to see information related to Groups. You can assign this permission to a group through the
- Administer Groups: This grants control over everything related to Groups. This permission can be assigned to a group using the
- Administer Groups plugin options: Grants access to make changes in the Groups > Options admin section. The related capability that you can use to grant this permission to a group is
- Restrict Access: Grants rights to restrict access on posts etc. This permission can be granted to a group using the
Deactivation and data persistence
A convenient option is provided to delete all data that has been stored by the Groups plugin. This option is useful if you need to start afresh after testing the plugin.
Caution! Do not use this procedure if you want to preserve your groups and related data.
If you have been testing the Groups plugin and would like to start from scratch, you can use this option to clear all plugin data.
- Go to Groups > Options and under Deactivation and data persistence tick the Delete all plugin data on deactivation checkbox.
- Proceed to Plugins > Installed Plugins and click Deactivate for your Groups plugin.
- All groups data has now been deleted. Now reactivate your plugin by clicking Activate.
After this you will start with a fresh Groups installation.
Administrator Access Override can be enabled to grant users with the Administrator role all access permissions derived from group capabilities and other reserved privileges.
Caution! If the override is enabled, it will also affect constants that are used to harden the security and access restrictions on your site, such as DISALLOW_FILE_MODS – even if these are defined and set to true, with the administrator override enabled, they will be without effect.
This option is disabled by default and on a production site it is recommended to leave administrator access overrides turned off. Use this option for debugging purposes only or during the process of familiarizing administrators with the system.
To turn the option on, you can define the constant
true in your
define( 'GROUPS_ADMINISTRATOR_OVERRIDE', true );
Add the line before the line that says /* That's all, stop editing! Happy blogging. */.
Once this has been added, you can check that it has been enabled under Groups > Options where you will find a related notice.
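A configuration check for the override described above, as an added example that is not part of the Groups documentation or plugin code: it reads the text of a wp-config.php file and reports when GROUPS_ADMINISTRATOR_OVERRIDE is effectively on, including quoted values such as 'false', and when DISALLOW_FILE_MODS is left without effect as a result. It assumes the plugin evaluates the constant with PHP's loose truthiness; the function names and the sample file are constructed for illustration.

```python
import re

# Assumption: Groups evaluates the constant with PHP's loose truthiness.
DEFINE_RE = re.compile(
    r"""define\s*\(\s*(['"])(?P<name>\w+)\1\s*,\s*(?P<value>.+?)\s*\)\s*;""", re.DOTALL)
# Keep string literals (group 1), drop comments; strings win at each position,
# so comment-like characters inside a salt are not misread as comments.
TOKEN_RE = re.compile(
    r"""('(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")|/\*.*?\*/|(?://|#)[^\n]*""", re.DOTALL)

def php_truthy(literal):
    # PHP boolean value of a literal, or None if it is not a plain literal.
    lit = literal.strip()
    if len(lit) >= 2 and lit[0] in "'\"" and lit[-1] == lit[0]:
        return lit[1:-1] not in ("", "0")  # only '' and '0' are falsy strings
    if lit.lower() in ("true", "false", "null"):
        return lit.lower() == "true"
    try:
        return float(lit) != 0
    except ValueError:
        return None

def audit_wp_config(php_source):
    code = TOKEN_RE.sub(lambda m: m.group(1) or "", php_source)  # drop comments
    consts = {}
    for m in DEFINE_RE.finditer(code):
        consts.setdefault(m["name"], m["value"])  # PHP keeps the first define
    raw = consts.get("GROUPS_ADMINISTRATOR_OVERRIDE")
    state = php_truthy(raw) if raw is not None else False
    if state is None:
        return [f"override value {raw} is an expression; review manually"]
    if not state:
        return []
    findings = [f"administrator override ENABLED by value {raw}"]
    if raw[0] in "'\"":
        findings.append("quoted value: any string except '' and '0' enables it")
    if php_truthy(consts.get("DISALLOW_FILE_MODS", "false")):
        findings.append("DISALLOW_FILE_MODS is defined but has no effect while override is on")
    return findings

SAMPLE = r"""<?php  // constructed sample, not a real site
define( 'AUTH_KEY', 'x/*y#z' );  # salt with comment-like characters
define( 'DISALLOW_FILE_MODS', true );
// define( 'GROUPS_ADMINISTRATOR_OVERRIDE', true );
define( 'GROUPS_ADMINISTRATOR_OVERRIDE', 'false' );
/* That's all, stop editing! Happy blogging. */
"""

if __name__ == "__main__":
    print("\n".join(audit_wp_config(SAMPLE)))
```

An empty result means the override is absent, commented out, or set to a falsy literal.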
We have included legacy access control based on capabilities to make it easier to transition from the previous access restriction model used in Groups 1.x to the group-based model used from Groups 2.x on.
Groups 1.x used capabilities to restrict access to posts. From Groups 2.x on, access is restricted by using groups directly instead. If you have been running Groups with access restrictions based on capabilities and upgraded to Groups 2.x, you will likely have legacy access control enabled. For new installations, this option is disabled by default and, unless needed, we recommend leaving it disabled.
This option is only visible if legacy access control is enabled. Here, specific capabilities can be enabled or disabled to restrict access to posts. The standard groups_read_post capability is enabled by default.
Note that to apply a capability-based access restriction on a post, the user must belong to a group which has that capability.
If you want to use additional capabilities to restrict access to posts, select them here. Any access restriction capability created directly through the Quick-create group & capability field in the Access restrictions box on posts will be added automatically here.