Since Akeeba Backup for WordPress 8.3.0 we offer a deeper integration with WordPress' access control system by providing custom user Roles and Capabilities.
Please note there are two major exceptions to the Roles and Capabilities:
On multisite WordPress installations only the Super Administrator can operate Akeeba Backup. Moreover, Akeeba Backup will only appear in the Network Administration page; it will not appear at all for individual blogs.
This is intentional. Multisite installations do not have separate blogs with their own plugins, themes, and contents. It's a single installation, with all content from all blogs intertwined in the database. Taking a backup of a multisite installation takes a backup of the entire blog network. Backing up or restoring a single blog is not technically possible. Therefore, only the user who has absolute control over the entire network – the Super Administrator – can possibly have access to Akeeba Backup.
On regular (single site) installations, users with the Administrator role always have full access to Akeeba Backup. This is an intentional choice. The Administrator role is “magical”. It grants all known capabilities to the user. It's like “god mode” in a video game. Being Administrator you can do anything, and nobody can tell you otherwise.
By default, other users do not have any access to Akeeba Backup.
Warning: We recommend leaving the default access control settings intact, as they are designed to only allow users with the highest access privileges to take any action in Akeeba Backup. Remember that being able to take, download, manage, and configure backups has non-obvious security implications.

Configuring backups allows users to see the database table names, as well as the folder and file names on your site, which a malicious user can use in conjunction with a vulnerability to hack your site. Being able to configure Akeeba Backup allows full access to the secrets in Akeeba Backup's configuration, which might include service keys for Amazon AWS, Azure, etc. If these third party credentials are not scoped correctly, the user with access to them might be able to abuse the third party account, with all sorts of financial, operational, privacy, and security implications. Being able to take backups can be abused to consume server resources to the point that the site slows down to a crawl, or is suspended by the hosting company. Being able to download backup archives is equivalent to Administrator access, as the user can restore the site locally and assume Administrator control of their local copy, therefore having full access to all information that would otherwise be kept secret from them in the original site.

If you are not absolutely certain about the security implications of granting access to Akeeba Backup to less-privileged user accounts, don't do it! It is too easy to get it wrong.
Our plugin provides the following Capabilities:
akeebabackup_access: Access Akeeba Backup's interface. You MUST grant this capability to see the link to Akeeba Backup and access any of its pages.
akeebabackup_backup: Take backups with Akeeba Backup. A user with this capability can select the backup profile and run a backup. They cannot access the Manage Backups page, or any of the configuration pages.
akeebabackup_configure: Configure Akeeba Backup. This grants access to all configuration pages in Akeeba Backup.
akeebabackup_download: Grants permission to the Manage Backups page, and allows the user to download and delete backup archives.
To make things easier for you, Akeeba Backup comes with three Roles:
Grants all of the aforementioned capabilities.
Warning: This is equivalent to giving a user Administrator access as they can take and download a backup of your site which allows them to see everything on the site, even if it would otherwise be a secret kept from them.
Grants all of the aforementioned capabilities, except for akeebabackup_configure. Please note that assigning this Role to a user makes it impossible to grant them the akeebabackup_configure capability.
Warning: This is equivalent to giving a user Administrator access as they can take and download a backup of your site which allows them to see everything on the site, even if it would otherwise be a secret kept from them.
Grants only the akeebabackup_access and akeebabackup_backup capabilities. This is meant for users who are only supposed to be able to take a backup, but not configure it or download it. Please note that assigning this Role to a user makes it impossible to grant them the akeebabackup_configure and / or akeebabackup_download capabilities.
Do not try to combine these Roles, or combine any of these Roles with individual capabilities. Each Role defines all four of Akeeba Backup's capabilities with appropriate Grant and Deny rules for each capability. This means that if a capability is denied by the Role it cannot be granted by another Role, or at an individual user level. Think of these Roles as a quick way to allow specific users to do a certain level of work in Akeeba Backup.
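The following audit is an added example, not code from Akeeba Backup or its documentation. It reads a role map in the shape WordPress stores in its user_roles option, reports which roles grant each Akeeba Backup capability, and flags users who combine capability-defining roles or mix a role with individual capabilities. The role slugs, the user record layout, and the function names are constructed for illustration.

```python
import json

# Capability names come from the page; risk notes paraphrase its warnings.
RISK = {
    "akeebabackup_access": "can open the Akeeba Backup interface",
    "akeebabackup_backup": "can run backups and consume server resources",
    "akeebabackup_configure": "can read stored secrets such as cloud service keys",
    "akeebabackup_download": "Administrator-equivalent: archives restore offline",
}

def akeeba_caps(cap_map):
    """Keep only the akeebabackup_* entries of a capability map."""
    return {cap: bool(val) for cap, val in cap_map.items() if cap in RISK}

def audit(roles, users):
    """Return (grants, combos): what each role grants, and which users combine rules."""
    grants = sorted(
        (slug, cap, RISK[cap])
        for slug, role in roles.items()
        for cap, granted in akeeba_caps(role["capabilities"]).items()
        if granted
    )
    combos = []
    for user in users:
        # Roles held by this user that define any Akeeba Backup capability.
        defining = [r for r in user["roles"]
                    if akeeba_caps(roles.get(r, {}).get("capabilities", {}))]
        own = akeeba_caps(user.get("caps", {}))
        if len(defining) > 1 or (defining and own):
            combos.append((user["login"], defining, sorted(own)))
    return grants, combos

# Constructed sample data: role slugs and users are hypothetical.
ROLES = json.loads("""{
  "editor": {"name": "Editor", "capabilities": {"edit_posts": true}},
  "example_full": {"name": "Example full", "capabilities": {
    "akeebabackup_access": true, "akeebabackup_backup": true,
    "akeebabackup_configure": true, "akeebabackup_download": true}},
  "example_backup_only": {"name": "Example backup only", "capabilities": {
    "akeebabackup_access": true, "akeebabackup_backup": true,
    "akeebabackup_configure": false, "akeebabackup_download": false}}
}""")
USERS = [
    {"login": "alice", "roles": ["editor", "example_backup_only"], "caps": {}},
    {"login": "bob", "roles": ["example_backup_only"], "caps": {"akeebabackup_download": True}},
    {"login": "carol", "roles": ["example_full", "example_backup_only"], "caps": {}},
]

if __name__ == "__main__":
    for row in sum(audit(ROLES, USERS), []):
        print(row)
```
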
By default, WordPress only allows you to select one Role for each individual user. Moreover, it does not allow you to manage Roles, or select which Capabilities each user and Role has. Essentially, it is rather useless when it comes to access control. You will have to use a third party plugin. You can search for “capabilities” in the WordPress Plugins Directory to find a suitable plugin.
We cannot recommend any specific roles and capabilities management plugin, or help you use one. We consider access control an advanced topic that should only be touched by power users who understand the security implications of giving each permission to a lesser-privileged user account. These power users, by definition, also understand how to operate third party access control plugins.
Older versions of Akeeba Backup for WordPress do not offer WordPress Roles and Capabilities. Instead, there is a hard-coded mapping of which WordPress users can execute which actions in Akeeba Backup.
For multisite WordPress installations only the Super Administrator user can operate Akeeba Backup.
For single site WordPress installations only the Administrator users can operate Akeeba Backup.