Permissions Settings
Control who can create, edit, and manage references on your site. Permission settings let you define capabilities for different user roles.
Accessing Settings
Navigate to References > Settings > Permissions.
Permissions settings tab
Understanding WordPress Roles
WordPress includes default user roles:
| Role | Default Capabilities |
|---|---|
| Administrator | Everything |
| Editor | Publish and manage all posts |
| Author | Publish and manage own posts |
| Contributor | Write but not publish |
| Subscriber | Read only |
Academic References adds its own capabilities to these roles.
Reference Capabilities
Create References
Who can add new references:
| Setting | Description |
|---|---|
| Administrators Only | Most restrictive |
| Editors and Above | Editors + Administrators |
| Authors and Above | Authors + Editors + Administrators |
| Contributors and Above | Contributors can create drafts |
| All Logged-in Users | Subscribers can create |
Edit Own References
Who can modify references they created.
Usually set to the same level as Create or higher.
Edit Others’ References
Who can modify references created by other users.
Typically restricted to Editors and Administrators.
Delete References
Who can permanently delete references:
- Own only – Users delete their own
- All – Can delete any reference
Usually restricted to Editors and above.
Publish References
Who can change reference status to Published:
| Role | Can Publish |
|---|---|
| Contributor | No (creates drafts) |
| Author | Own references |
| Editor | Any reference |
| Administrator | Any reference |
Category and Tag Permissions
Manage Categories
Who can create, edit, and delete reference categories.
Usually restricted to Editors and Administrators.
Assign Categories
Who can assign categories to references.
Typically anyone who can create references.
Manage Tags
Similar to categories but for tags.
Often less restricted than categories.
Collection Permissions
Create Collections
Who can create new collections.
Edit Own Collections
Modify collections you created.
Edit All Collections
Modify any collection.
Delete Collections
Remove collections from the system.
Share Collections
Who can share collections with other users.
Frontend Permissions
Access Dashboard
Who sees the frontend dashboard:
- All logged-in users – Everyone
- Users with references – Only those who’ve added items
- Specific roles – Choose which roles
Submit from Frontend
Who can use the frontend submission form:
| Setting | Who Can Submit |
|---|---|
| Disabled | No frontend submission |
| Logged-in only | Any authenticated user |
| Specific roles | Choose allowed roles |
| Anyone | Including guests (with moderation) |
Edit from Frontend
Who can edit references through the frontend interface.
Import/Export Permissions
Import References
Who can bulk import from files:
Usually restricted to Editors and above due to potential for large changes.
Export References
Who can export reference data:
May be less restricted since it’s read-only.
Sync Permissions
Configure Sync
Who can set up Zotero/Mendeley integration.
Typically Administrators only.
Run Sync
Who can trigger a manual sync.
May extend to Editors.
Custom Role Support
Academic References works with custom roles from plugins like:
- User Role Editor
- Members
- Capability Manager Enhanced
Adding Capabilities to Custom Roles
- Create or edit a custom role
- Add Academic References capabilities:
Example: Research Assistant Role
Create a role that can:
- Create references (draft)
- Edit own references
- Cannot publish
- Cannot delete
Site-Wide vs. Per-User
Permissions apply at the role level, not per-user.
To give special permissions to specific users:
- Change their role
- Create a custom role
- Use a membership plugin
Multisite Considerations
On WordPress Multisite:
- Permissions are per-site
- Super Admins have full access
- Each site can configure differently
- Network settings may override
Permission Hierarchy
Permissions flow down:
Administrator (all permissions)
↓
Editor (most permissions)
↓
Author (own content)
↓
Contributor (draft only)
↓
Subscriber (read only)Higher roles inherit lower role permissions.
Testing Permissions
Method 1: User Switching Plugin
- Install User Switching plugin
- Switch to a user with the role you want to test
- Verify expected access
Method 2: Test Accounts
- Create test users for each role
- Log in as each user
- Verify permissions work correctly
Troubleshooting
User can’t access references
- Check their role
- Verify role has required capability
- Check for plugin conflicts
User has too much access
- Review role capabilities
- Check for capability plugins modifying roles
- Verify correct role assigned
Frontend not showing
- Check frontend access permission
- Verify dashboard page exists
- Check user is logged in
Import disabled
- Import requires higher permissions
- Check user role allows import
- May need Administrator access
Best Practices
- Principle of least privilege – Give minimum necessary permissions
- Use roles, not users – Manage at role level
- Test changes – Verify after modifying permissions
- Document decisions – Note why permissions are set
- Regular review – Audit permissions periodically
Next Steps
- General Settings – Core configuration
- Frontend Settings – Frontend access options
- Advanced Settings – Technical settings