UpStream has a complicated permissions system that goes further than what you can do with standard WordPress. With UpStream, it’s possible to set permissions on each individual field. Permissions can be set by project, by user, by role, and much more.
The standard permissions model for UpStream defines these roles: UpStream Manager, UpStream User, and UpStream Client User. The default settings for these roles can be viewed below:
| Action | Upstream Manager | Upstream User | Upstream Client User |
| Can create projects | Yes | No | No |
| Can view projects | Yes; can view any projects | Yes, only if they are the project owner or are assigned to a component (milestone, task, bug, etc.) | Yes, only if they are selected under the Client Users list in the Project Details section of the admin area |
| Can edit project info (title, status, owner, description, etc.) | Yes; can edit project info for any project | Yes, only if they are the project owner or they are assigned to any component (milestone, task, bug, etc.) of the project ** | Yes, only if they are selected under the Client Users list in the Project Details section of the admin area ** |
| Can delete projects | Yes; for any project | No ** | No ** |
| Can view project components (milestones, tasks, bugs, etc.) | Yes; for any project | Yes; they can view any component of a project if they are assigned to any component of that project (milestone, task, bug, etc.) |
Yes, only if they are selected under the Client Users list in the Project Details section of the admin area |
| Can edit project components (milestones, tasks, bugs, etc.) | Yes; for any project | Yes, only the components (milestone, task, bug, etc.) assigned to them ** | Yes, only the components (milestone, task, bug, etc.) assigned to them or ones they created ** |
| Can delete project components (milestones, tasks, bugs, etc.) | Yes; for any project | Yes, only the components (milestone, task, bug, etc.) assigned to them ** | Yes, only the components (milestone, task, bug, etc.) assigned to them or ones that they created ** |
| Can add project components (milestones, tasks, bugs, etc.) | Yes; for any project | Yes; they can add new components to a project if they are assigned to any component of that project (milestone, task, bug, etc.) ** | Yes, only if they are selected under the Client Users list in the Project Details section of the admin area ** |
** Requires UpStream Frontend Edit extension (UpStream User and Client User roles can only edit via the front end interface).
Customizing Permissions
You can do all sorts of customization on UpStream permissions using the Advanced Permissions module.
Advanced Permissions allows you to set each individual field as hidden, read-only, or editable. And you can allow or deny based on who a project/task/etc. is assigned to, the item ID, the creator, the client organization, their role, their user, and much more.
Advanced Permissions also allows you to set an anonymous view option, so certain projects are publicly viewable without logging in.
With Advanced Permissions, you can define nearly any scenario, and set your permissions to match. To do this, you create an XML document and enter it in the Advanced Permissions configuration section under UpStream settings.
For more information on Advanced Permissions, see here.
For Older Versions of UpStream
The documentation below is for versions of UpStream earlier than 1.27. It is here for historical purposes only. Please see above for the latest versions.
For UpStream 1.27 or later, WE STRONGLY SUGGEST YOU DO NOT MODIFY ANY ROLES OR CAPABILITIES
This list was created in October 2018 and it will change. We’re working on making these permissions more consistent, and also improving the documentation for each capability.
To control these permissions, you will need to install an extra plugin. We recommend Members, but UpStream uses the WordPress core permissions system and so is compatible with many more plugins.
Please note that the core permissions system in WordPress is not always clear. We do recommend that you test thoroughly if controlling permissions is important for your site.
This video is an introduction to UpStream permissions:
OVERALL
This capability allows users to access the main “UpStream” settings area in the WordPress admin.
- manage_upstream
PROJECTS
These capabilities below allow users to manage projects inside UpStream:
- edit_projects
- edit_project
- delete_project
- delete_projects
- publish_projects
- read_project
- edit_published_projects
- delete_published_projects
- edit_others_projects
- delete_others_projects
- edit_private_projects
- delete_private_projects
- read_private_projects
These next two capabilities allow you to change the users associated with a project. If you have these capabilities, you can change the author of a project and the users attached to a project.
- edit_project_author
- project_users_field
The seven capabilities below allow you to control the specific details associated with each project:
- project_title_field: you can edit the project’s name
- project_status_field: you can change the status of the project
- project_owner_field: you can change the Project Owner
- project_client_field: you can choose the Client for the project
- project_users_field: you can select the users assigned to the project
- project_start_date_field: you can select the Start Date for the project
- project_end_date_field: you can choose the End Date for the project
This image below show are how those seven capabilities are implemented on the frontend of UpStream. If you do not have permission to edit these fields, they will not be editable.
CLIENTS
These capabilities allow you to manage different aspects of the Clients feature in UpStream:
- edit_client
- read_client
- delete_client
- assign_client_terms
- edit_client_terms
- delete_client_terms
- manage_client_terms
TASKS
These capabilities allow you to access to different Tasks features in UpStream.
The “publish_project_tasks” capability controls whether users can publish and also edit Tasks.
- publish_project_tasks
These capabilities control whether or not users can edit specific details for Tasks:
- task_title_field
- task_assigned_to_field
- task_status_field
- task_progress_field
- task_milestone_field
- task_start_date_field
- task_end_date_field
- task_notes_field
This image below show are how those seven capabilities are implemented on the frontend of UpStream. If you do not have permission to edit these fields, they will not be editable.
BUGS
These capabilities allow you to access to different Bugs features in UpStream.
The “publish_project_bugs” capability controls whether users can publish and also edit Tasks.
- publish_project_bugs
These capabilities control whether or not users can edit specific details for Bugs:
- bug_title_field
- bug_assigned_to_field
- bug_severity_field
- bug_status_field
- bug_due_date_field
- bug_description_field
- bug_file_field
MILESTONES
These capabilities control whether or not users can edit specific details for Milestones:
- milestone_milestone_field
- milestone_assigned_to_field
- milestone_start_date_field
- milestone_end_date_field
- milestone_notes_field
FILES
This capability controls whether or not users can publish and edit Files in UpStream projects:
- publish_project_files
DISCUSSIONS
These capabilities control whether or not users can publish and edit Discussions in UpStream projects:
- publish_project_discussion
- delete_project_discussion