Creates additional capabilities for control over WordPress’ privacy and personal data features (GDPR).
The plugin adds the following capabilities to the “General” tab on the edit role screen:
- Manage Privacy Options (
manage_privacy_options) – Allows you to manage the site or network’s privacy options, including the privacy page.
The plugin adds the following capabilities to the “Users” tab on the edit role screen:
- Export Others’ Personal Data (
export_others_personal_data) – Allows you to export personal data for users other than your own.
- Erase Others’ Personal Data (
erase_others_personal_data) – Allows you to erase personal data for users other than your own.
Managing privacy options
Currently, there’s a bug in WordPress (Trac ticket) that won’t allow users without
manage_options to see sub-menu items of “Settings” in the admin, even if the user has permission to do so. There’s nothing this plugin can do to address this. Therefore, if you have the
manage_privacy_options but not the
manage_options capability, you won’t be able to access the Settings > Privacy page in the admin.
A good use case for this is to give Editors (or a similar role) the
manage_privacy_options cap to allow them to actually make copyediting changes to the page.
Erasing personal data
erase_others_personal_data capability must be used in conjunction with the
delete_users capability. This is how core WP is set up. It makes sense when you think about it. Users shouldn’t be able to erase others’ data without high enough permission to actually delete the actual user account.
If you’re on a multisite setup, the new capabilities (see above) are not automatically added to administrators on each sub-site. This is because WordPress, by default, considers the privacy and personal data features a “super admin” privilege. You may assign these capabilities to administrators or other roles on a per-site basis if you feel like your administrators should have these permissions.