There are some security settings on the Database Options page that can be confusing. Hopefully this post will clear that up. They are:
- Allow only Administrators to see CFDB administration screens
- Can See Submission data
- Can See Submission data when using shortcodes
Locking down the administration console
#1 provides a quick way to lock down the administration console so that users cannot see it. You might still enable them to see data that is generated via a shortcode using the setting described below. But if you don’t want them to be able to view the administration console in the WP dashboard, set this to “false”.
Enabling Access to View Data
We’ll discuss #2 and #3 together.
Each of these can be set to a role level (Anyone, Subscriber, Contributor, Author, Editor, Administrator).
A user has a privilege if his role is equal or higher than that specified. If ‘Can See Submission data’ is set to ‘Author’ then all users with Author, Editor, or Administrator have this privilege.
If a user’s role allows him to have #2, then he has complete access to the data. When logged into the WP dashboard, he will see the CFDB menus (unless #1 is set to false) . He can delete data in the CFDB administration page. He can see short code output meaning he has #3 privileges. #2 is a superset of #3.
A subtle point is that if a user has #2, that the value of #3 is completely irrelevant to him. #2 is a superset of #3. It therefore follows that it is not useful to set the role needed for #3 higher than that of #2.
#3 should be set to a role that is less than or equal to the level of #2. Typically #3 is set to ‘Anyone’ while #2 is set to something high like ‘Editor’ or ‘Administrator’.
The idea is that you may want visitors to your site (especially those that are not registered users) to be able to see the output of your short codes on public pages and posts. But even if they are registered users, you don’t want them to be able to edit your data.
If a registered user has #3 but not #2, he will not see menu items in the WP admin area for this plugin. However if he has permission to create posts and he is knowledgeable about how to manually create short codes and of your form names, he could craft a post and put in a short code to see data. So it is not entirely secure from reading. However he cannot delete any data, even if he tries to duplicate the operation that the admin page uses to delete data.