10% OFF
Website Exclusive Promotion 10% discount for new customers. Offer expires 30th June 2026.
Use code: JIFFYWEB10
Buy Pro
Try Free

Plugin Documentation

Documentation
← Back

Role-Based Access Problems (RBAC)

2 March 2026 jiffytrade Troubleshooting

If certain users cannot see or use parts of JiffyTrade, this is usually related to your Role-Based Access Control (RBAC) configuration.

JiffyTrade uses a structured capability system to safely control access to features.

This is intentional and protects business data.

1️⃣ Check the Minimum Role Setting

Navigate to:

My Business → Settings → Permissions (RBAC)

At the top of the page, confirm the selected minimum access role.

If this is set to:

  • Administrator
  • Plugin Super Administrator

Then lower roles will not see or access plugin features.

Changing the minimum role immediately affects visibility across the plugin.

2️⃣ Understand Capability-Based Restrictions

JiffyTrade does not rely only on WordPress roles.

It uses granular capabilities such as:

  • Managing documents
  • Viewing reports
  • Managing customers
  • Managing settings
  • Sending reminders
  • Marking invoices as paid
  • Unlocking documents

If a user’s role does not include the required capability, they will be restricted.

Restrictions may include:

  • Buttons not appearing
  • Tabs being hidden
  • “View only” access
  • Actions being disabled

This is expected behaviour.

3️⃣ “I Can See It But Can’t Edit It”

If a document is locked, even administrators may be prevented from editing it.

To edit a locked document, a user must have:

  • Unlock Documents permission
  • Or Unlock Financial Documents permission

Locking is separate from role level.

This protects historical financial records from accidental modification.

4️⃣ Multisite Considerations

On WordPress Multisite:

  • Super Admins have network-level authority.
  • Site Administrators may not automatically inherit all plugin capabilities.
  • Plugin Super Administrators (if configured) override site-level restrictions.

Ensure you are testing with the correct account.

🚑 Recovery Mode (Prevents Lockout)

If RBAC is misconfigured in a way that removes critical access, JiffyTrade may activate Recovery Mode.

Recovery Mode exists to prevent permanent lockout.

It activates when:

  • Permissions are configured unsafely
  • No valid administrator can manage access policies
  • Critical management capabilities are removed

When Recovery Mode is active:

  • A WordPress Administrator regains access to Settings
  • RBAC can be corrected safely
  • No data is deleted
  • No documents are modified

✅ How to Exit Recovery Mode

  1. Log in as a WordPress Administrator.
  2. Go to:
    My Business → Settings → Permissions (RBAC)
  3. Restore a sensible minimum role.
  4. Save the policy.

Once corrected, Recovery Mode deactivates automatically.

🔄 Resetting to a Baseline Policy (Using Built-In Templates)

If your permissions become confusing or unstable, you can quickly restore a safe preset using Policy Templates.

Navigate to:

My Business → Settings → Permissions (RBAC)

Step 1️⃣ Enable Template Overrides

Tick:

Enable policy template overrides

By enabling this option, you acknowledge that selecting a template will overwrite your existing RBAC configuration immediately.

Step 2️⃣ Select a Preset Policy

Below the checkbox, you’ll see built-in policy buttons such as:

  • Strictly Admin
  • Team Mode
  • Strict Accounting Mode
  • Owner-Only Mode

Clicking one of these will:

  • Instantly apply a predefined access configuration
  • Reset capability assignments
  • Restore a stable permission baseline

No file downloads or imports are required.

🧠 What Each Template Generally Does

Strictly Admin
Restricts control to Administrators (and above).
Best for troubleshooting or small trustworthy teams.

Team Mode
Allows operational staff to manage documents while protecting core settings.
Administrators and Super Admins have ultimate control.

Strict Accounting Mode
Limits financial actions to authorised roles only.
Ideal for setting your accountant up with an Editor read-only role (for example).

Owner-Only Mode
Highly restrictive. Ideal for single-user control.
All users, including your WordPress administrators, are denied access to JiffyTrade.

⚠ Important Notes

  • Policy changes take effect immediately.
  • At least one administrator should always retain management access.
  • Templates are safer than manually rebuilding complex permission structures.

5️⃣ Still Not Working?

If access problems persist, provide:

  • The affected user role
  • The feature they cannot access
  • Screenshots of your RBAC settings
  • Any visible error messages

This helps diagnose capability conflicts quickly.

🎯 Key Principle

RBAC controls authority.
Locking protects integrity.
Recovery Mode prevents lockout.

Together, they ensure structured, safe access control without risking your business data.