Using Role-Based Security to Restrict Access to Reports, Agenda Editing [Updated Feb. 18, 2016]

The WordPress for Toastmasters software now lets you limit access to certain reports and agenda editing options which are open to all members by default, or open up access to options that are limited by default.

Update Feb. 18, 2016: These options have been updated to allow more fine-grained control over security. The new screen looks like this:

Control over user/member permissions.

You will find these options under Settings -> TM Security (there is also a link to this screen from the main Settings -> Toastmasters screen).

For each security role, or category of users, you can dictate what those users can and cannot do. For example, can all members view the progress reports showing how close different members are to earning their Competent Communicator or other awards? Or should only officers be allowed to access those reports? These permissions are in addition to WordPress’s built-in capabilities associated with those roles, most of which have to do with who can or cannot create, edit, and publish content.

The defaults are relatively permissive. If your club is as laid back as mine is, you may not want to futz with these settings at all. On the other hand, if you want to restrict access to certain functions, you have the ability to do so.

To date, I personally have never seen a reason to restrict most of these functions, although I might do so if I ever had trouble with members using them inappropriately. For example, it’s my experience that the only people who edit the list of role signups for a meeting are the Toastmaster of the Day, the VP of Education, or another responsible member helping organize a meeting. But it’s not inconceivable that some joker of a club member might mess up your agenda, forcing you to limit signup editing rights to officers.

Some clubs might also want to restrict access to the CC and CL progress reports or the Attendance Report so only officers can view them. In addition to any privacy concerns, if you are not actively using the reporting functions and keeping the data current, you might want to limit access just so members won’t be confused by information that may be inaccurate.

The security levels available on a WordPress for Toastmasters website include:

  • Member (subscriber) – a member of the site with no special privileges.
  • Contributor – can create blog posts or event posts but not publish them (they must be reviewed by an editor first).
  • Author – can create and publish blog posts and event posts but cannot edit anyone else’s content or any of the pages (such as the home page).
  • Editor – can create, publish, and edit all site content.
  • Officer – an Editor who can also add users (members) to the site and edit member profiles.
  • Administrator – has complete control of the site.

With the exception of Officer, these are standard WordPress user roles.

When the site administrator records the officers list on the Toastmasters settings screen, those users automatically get a promotion to the Officer role (Exception: a site administrator will retain administrator as a security role – “officer” would be a demotion in terms of control over the website). The administrator can also manually edit user roles. For example, you might treat a veteran member as an honorary Officer (in website security terms) even though that person isn’t currently filling an officer role.

Note that the Officer security role does not automatically expire at the end of an officer’s term. That person will continue to enjoy elevated security rights on the website until and unless the administrator manually demotes them.
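Because the Officer role does not expire on its own, it is worth checking periodically who still holds it. The script below is an added example, not part of the WordPress for Toastmasters software: it uses WP-CLI to list the role's holders and reports anyone who is not on the current officer list. It assumes the role slug is `officer` (confirm with `wp role list`) and that you pass the current officers' user IDs as arguments.

```shell
#!/bin/sh
# Added example: report accounts that still hold the Officer role after
# their term has ended. Usage (run from the WordPress directory):
#   ./officer-audit.sh 3 7 12      # 3, 7, 12 = user IDs of current officers

# ASSUMPTION: the Officer role's slug is "officer"; override if yours differs.
OFFICER_ROLE="${OFFICER_ROLE:-officer}"

# stale_officers ROLE_HOLDERS CURRENT_OFFICERS
# Both arguments are whitespace-separated user IDs. Prints, one per line,
# each ID that holds the role but is missing from the current officer list.
stale_officers() (
  holders="$1"
  current=" $(echo $2) "          # normalise newlines/tabs to single spaces
  for id in $holders; do
    # Ignore anything that is not a plain numeric user ID.
    case "$id" in ''|*[!0-9]*) continue ;; esac
    case "$current" in
      *" $id "*) ;;               # still a serving officer, nothing to report
      *) echo "$id" ;;            # elevated rights with no current office
    esac
  done
)

# Only query WordPress when officer IDs were supplied on the command line.
if [ "$#" -gt 0 ]; then
  # Everyone who currently holds the role. Administrators keep the
  # administrator role, so they do not appear in this list.
  holders="$(wp user list --role="$OFFICER_ROLE" --field=ID)" || exit 1
  stale="$(stale_officers "$holders" "$*")"
  if [ -z "$stale" ]; then
    echo "All holders of '$OFFICER_ROLE' are current officers."
  else
    for id in $stale; do
      echo "User ID $id holds '$OFFICER_ROLE' but is not a current officer."
    done
    echo "Review each account; honorary officers may be intentional."
  fi
fi
```

Anyone the report flags can be demoted on the user's profile screen, or left in place if the elevated role is deliberate.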

The user Role setting

User Role Editor

It’s possible to customize the rights scheme more extensively using the WordPress plugin User Role Editor, which is included in wp4toastmasters.com / toastmost.org websites and available for download for use on independent sites. If you want to get fancy, you can create your own custom roles for senior members or volunteers who will assist with given tasks but do not need all the authority of an Editor or Administrator.

User Role Editor