There are two security settings on the Database Options page that can be confusing. Hopefully this post will clear that up. They are:
- Can See Submission data
- Can See Submission data when using shortcodes
Each of these can be set to a role level (Anyone, Subscriber, Contributor, Author, Editor, Administrator).
A user has a privilege if his role is equal or higher than that specified. If ’Can See Submission data’ is set to ‘Author’ then all users with Author, Editor, or Administrator have this privilege.
If a user’s role allows him to have #1, then he has complete access to the data. When logged into the WP Admin area, he will see the “Database” menu options in the “Contact” menu provided by Contract Form 7. He can delete data in the admin area. He can see short code output meaning he has #2 privileges. #1 is a superset of #2.
A subtle point is that if a user has #1, that the value of #2 is completely irrelevant to him. #1 is a superset of #2. It therefore follows that it is not useful to set the role needed for #2 higher than that of #1.
#2 should be set to a role that is less than or equal to the level of #1. Typically #2 is set to ‘Anyone’ while #1 is set to something high like ‘Editor’ or ‘Administrator’.
The idea is that you may want visitors to your site (especially those that are not registered users) to be able to see the output of your short codes on public pages and posts. But even if they are registered users, you don’t want them to be able to edit your data.
If a registered user has #2 but not #1, he will not see menu items in the WP admin area for this plugin. However if he has permission to create posts and he is knowledgeable about how to manually create short codes and of your form names, he could craft a post and put in a short code to see data. So it is not entirely secure from reading. However he cannot delete any data, even if he tries to duplicate the operation that the admin page uses to delete data.