How to restrict URI (or post/page) without "Or Higher"

I’m trying to find where this is specifically addressed from the KB or forums, but can’t find it. Maybe someone knows where the documentation is.

I have several membership “levels” that are horizontal. There is no hierarchy at all. I can see how to restrict access to these pages using URIs, but each level says “Or Higher”. Since they’re all basically just different options and there is no “higher” level, I’m not sure how to limit it to ONLY the one level (instead of “Or Higher”). Is there a simple way to put it in the field under the URI restrictions options (or post/page, category, tag, etc)? (or is there documentation that I miss that clarifies?)


I just saw this video, which may have helped with something I was probably doing wrong.
Rather than using membership levels, it sounds like I want to designate capabilities, correct? This would provide the horizontal options I’m looking for? I still don’t quite understand how to do that, but at least it seems to be the direction I should be going? Am I on track?

Hi Joe.

Custom capabilities can’t be used with URIs out of the box, it’d need custom code. I think that what you can do instead, is customize your level roles so they don’t give incremental access.


I hope that helps. :slight_smile:

I think I’m starting to get it. Thanks.

So for a “level” that needs specific access (rather than incremental), I can use URI for that level to grant access to specific features? I think I get this part.

But I don’t see where I can restrict it so it’s not incremental. I’ve read through the page and it seems to only explain incremental, not show how to restrict it. For example, how would I give someone access to level 10, but restrict them from levels 8-9? This is why I was hoping to use capabilities. It’s a tough learning curve for me, only being used to working in the Dashboard. Code is not my strength. :slight_smile:
Part of my challenge is that I’m using groups (PeepSo plugin), which don’t provide a specific page for me to be able to protect. Otherwise I could just edit it in the sidebar, I think. Apparently I must somehow restrict access to the URL for the group, right?

Keep reading the article down to the secction titled “Modifying s2Member Roles/Capabilities”. You need to edit the level roles to remove the access capabilities for the lower levels, and then add a small file to your installation that will prevent that customization from being reset on plugin update.

1 Like

I fully understand, thing is you’re trying to do something custom that isn’t exactly possible with the current levels or capabilities. You want to either have non-incremental levels, or apply ccap restriction to URIs. Either one will require a customization.

The ccaps one may be a bit trickier. The level roles one is less complicated, and you don’t need to learn to code. You’d edit the roles from the dashboard using the User Role Editor plugin, for example, and then all the code you need is copy-paste the one given in the article, to a file you put in your /wp-content/mu-plugins/ folder.


1 Like

Thanks Cristián,
To make sure I am on the right track, I need to:

  • Use a third party role customizer? ( I already have User Role Editor by Vladimir Garagulya installed)
  • Insert the lock-roles/caps folder and code in my files (using a child theme, I wonder if this could be inserted in the Dashboard editor instead?)
  • Then if I use URI restriction options, it will only affect the roles where it’s entered?
  • Any role customization I do in the Role Editor will only affect that specific role?

Am I getting it?

Yes, you’d edit the level roles to remove the access capabilities for lower levels.

No, you don’t use a child theme. You could use the theme’s functions.php file, but I find it better to use a must-use plugin instead. You create a new file called whatever dot php, e.g. s2-lock-roles-caps.php, put that code from the article at the very beginning of the file (no spaces or lines before the opening <?php), save the file and FTP the file to /wp-content/mu-plugins/ directory (if you don’t have a mu-plugins folder, create it).

1 Like

Thanks again!
Okay, I think I have that set up properly. I don’t have FTP set up, but I do have cpanel for access to the folders.
Now I do have a handful of hierarchical levels. So to make sure that level 3 has the permissions of levels 1 and 2, for instance, I need to somehow put that into their permissions, right?