PLEASE NOTE: These forums are no longer utilized and are provided as an archive for informational purposes only. All support issues will be handled via email using our support ticket system. For more detailed information on this change, please see this blog post.

How to revoke gform_full_access?

  1. On some of my WordPress sites I have users who were at some time Administrators but who are now at lower level user roles.

    These users always have:
    Additional Capabilities: gform_full_access

    This even persists when I demote them to Subscriber role.

    How do I remove these permissions from ex-administrators so that they no longer have access to Gravity Forms?

    Posted 7 years ago on Friday August 24, 2012 | Permalink
  2. You can use a role management plugin like Members by Justin Tadlock. Using that, you can see all the roles and their capabilities and edit the capabilities for each role. There are other plugins out there which do the same thing, but Members is the one I am most familiar with.

    http://wordpress.org/extend/plugins/members/

    Posted 7 years ago on Sunday August 26, 2012 | Permalink
  3. So basically Gravity Forms has given full access permissions to even the lowest user roles and there is no built in way to revoke it?

    This is a bit of a problem, no?

    I'll check out Members, but it's a shame I have to go to another plugin to do this.

    Posted 7 years ago on Sunday August 26, 2012 | Permalink
  4. Those permissions are not given to the lowest user roles by default. I was trying to give you a tool to correct the problem right now, since I'm not sure how the roles remain after the role was downgraded. Gravity Forms has no built in role or capability management. I was trying to solve the problem you have now, then we can work out why it happened in the first place.

    I hope this tool works for you.

    Posted 7 years ago on Sunday August 26, 2012 | Permalink
  5. Hi Chris, ok it's good to hear this is not the intended way for it to function.

    I have installed the plugin Members but it is unable to solve my problem, or at least I am unable to find how to do it.

    I am seeing the following on the bottom of the default WordPress edit user profile page for users with role of "Subscriber":
    http://i.imgur.com/idb8c.png

    In the Members plugin role editor (Users -> Roles) I select Subscriber and I see the following:
    http://i.imgur.com/2tiB3.png

    As you can see, all the Gravity Forms capabilities are disabled (unchecked), yet still these users have full access to all Gravity Forms functions.

    Any ideas? Thanks.

    Posted 7 years ago on Sunday August 26, 2012 | Permalink
  6. @Prophet, please send me a WordPress administrator login for your site to chris@rocketgenius.com and I will take a look. Maybe there is something odd about these few users who were once administrators.

    Posted 7 years ago on Monday August 27, 2012 | Permalink
  7. Just found this online:
    http://wordpress.org/support/topic/plugin-user-role-editor-no-capabilities-for-gravity-forms?replies=6

    I will ask the developers about this.

    Posted 7 years ago on Monday August 27, 2012 | Permalink
  8. Hi Chris,

    Please check your email.

    Thanks!

    PS - this is happening on numerous sites, not just one.

    Posted 7 years ago on Monday August 27, 2012 | Permalink
  9. @Prophet, I emailed you. It appears the gform_full_access capability remains when you downgrade a user like you have. I manually reset the capabilities in the database. A subscriber should have these capabilities in the usermeta table:

    a:1:{s:10:"subscriber";s:1:"1";}

    They inadvertently had these after being downgraded from admin to subscriber:

    a:2:{s:17:"gform_full_access";s:1:"1";s:10:"subscriber";s:1:"1";}

    I have informed the developers. Thank you for bringing this to our attention.

    Posted 7 years ago on Monday August 27, 2012 | Permalink
  10. I'm having the same problem, but I don't know how to change the usermeta table. Can I do this via phpmyadmin?

    Posted 7 years ago on Monday October 8, 2012 | Permalink
  11. Yes, you can edit via phpMyAdmin. Please be sure to make a full backup of your database before making any edits there.

    Posted 7 years ago on Monday October 8, 2012 | Permalink
  12. I am also having a problem with this and the gform_full_access is NOT a part of this user's capabilities. Some of my custom roles are inheriting gform editing capabilities, and some are not. None of them have any capabilities selected in a role management plugin. And I have made new test users with unique handles/emails - they were never admins, and yet they still get this capability. This is problematic.

    Posted 7 years ago on Wednesday October 10, 2012 | Permalink
  13. http://www.gravityhelp.com/forums/topic/permissions-issues-dashboard-widgets-remain Per this post, I concur that after removing the capability "delete_user", this user no longer has full access to Gravity Forms! Which is, ultimately what I want to achieve in Gravity Forms. But not something I was wishing to remove from my Membership Manager role...

    Posted 7 years ago on Wednesday October 10, 2012 | Permalink
  14. Mstar, does this solution work for you or are you looking to try something else?

    Posted 7 years ago on Wednesday October 10, 2012 | Permalink
  15. I would like to add that this issue has very serious consequences on multisite installs. I'm working on a multisite project, and the following situation arises here.

    In multisite mode, unlike in single site installs, users can have a role on any blog, or not (registered on the network dmin, not add to a subsite). This is stored in the usermeta key mentioned above. I have many occasions where the gform capabilities are the only on listed in that key, without a WP native capability like 'editor'.

    Thus, lots of users on my site have gform_full_access, but no role on the same blog. This means they are linked to the blog, but because there's no role, they are not listed on the blog's users screen. This in turn means their profile can not be edited, and they can not be given a role on the blog. This seriously hinders user management.

    We're trying to use as few plugins as possible, and would prefer not to use the Members plugin.

    Posted 6 years ago on Thursday November 8, 2012 | Permalink

This topic has been resolved and has been closed to new replies.