Permissions control who can see OrbitalWP tasks, who can change them, who can approve or close them, who can change assignees, who can access reports, and who can be added as an observer for task email notifications. They affect the task list, task editor, task details panel, Board View, List View, Timeline View, Calendar View, reports, notifications, frontend forms, and task-specific access.
The most important idea is that access can come from more than one place. A user might have permissions because of their WordPress role, because an administrator added a user-specific override, because they were assigned to a task, or because an administrator granted access to one specific task.
How This Fits In OrbitalWP
OrbitalWP permissions are task-focused. They do not simply decide whether someone is an administrator, manager, assignee, or viewer. Instead, OrbitalWP checks what the current user is allowed to do with the current task, field, page, or report.
That means two users can open the same task and see different controls. One user may be able to view the task only. Another may be able to edit dates and priority. Another may be able to approve the task or change its assignee. An assignee may be able to complete assigned work without having broad edit access to every task field.
Permissions also affect what appears in task views. Board View, List View, Timeline View, and Calendar View use task access before showing task data. If a user cannot read a task, that task should not appear for that user in those views.
Where To Find It
Administrators manage global permissions from the WordPress admin menu under Orbital > Permission Settings. The page has a Roles mode and a Users mode.
- Use Roles to configure permissions for each non-administrator WordPress role.
- Use Users to configure User-Specific Permission Overrides for individual users.
- Use Users with Overrides to review users who already have user-specific permission changes.
Administrators can also manage access for a single task from the Permission Overrides box on the task edit screen. This box appears on saved parent tasks. It does not appear as an editable override manager on subtasks, because subtasks inherit permission overrides from their parent task.
Related access settings live under Orbital > Plugin Settings. In the General tab, the Access Control card contains Approved Task Protection and the Lock Approved Tasks checkbox. In the Notifications tab, Email Settings controls whether task emails can be sent.
Permission-related reports are available from Orbital > Reports when the current user can access reports. The Reports page heading is Task Reports, and the report selector can include Permission Overrides and Permission Access Inspector.
Before You Start
- You need administrator access to open Permission Settings and manage task-specific Permission Overrides.
- The administrator role is not listed with the other roles on Permission Settings because administrators always have all OrbitalWP permissions.
- Role permissions apply to every user in that WordPress role, except where a user-specific override changes the result for one user.
- User-specific overrides can grant a permission or deny a permission that the user would otherwise inherit from their role.
- Task-specific overrides grant access to one parent task and its subtasks. They do not change the user’s global role permissions.
- Task-specific overrides can only be set after a task has been created. If the task is new, save it first and refresh the edit screen.
- Assignment is not the same as edit access. Being assigned can provide task visibility and completion access, but it does not automatically allow editing every field.
What You Can Do
- Choose which roles can create, read, edit, approve, assign, receive observer notifications, manage task taxonomy, or view reports.
- Give one user custom global permissions without changing everyone in that user’s role.
- Deny a role-inherited permission for one user when that user needs narrower access.
- Grant one user access to a specific task without changing their role.
- Allow a user to approve, close, assign, edit, read, or delete one specific task through task-specific overrides.
- Review permission-related configuration and diagnostics from reports when report access is available.
Basic Workflow
- Open Orbital > Permission Settings.
- Select Roles and choose the role you want to configure.
- Review the permission groups: Read Permissions, Edit Permissions, Special Permissions, and Feature Access.
- Use the checkboxes to choose the role’s default access.
- Use Summary if you want to preview the active permissions for that role.
- Click Save Permissions.
- If one user needs different access from the role, switch to Users, use Select User, adjust the checkboxes, and click Save Permissions.
- If one task needs an exception, open that parent task in the task editor, find Permission Overrides, search to add a user, and toggle the task-specific permissions for that user.
Role Permissions
Role permissions are the default permissions for users in a WordPress role. The labels below are the permissions shown in Permission Settings.
| Permission | What it allows | Important limits |
|---|---|---|
| Create and Edit Own Tasks | Create tasks and subtasks, and edit tasks where the user is the author. | Does not allow changing approval, closed, or assignee fields. |
| Read All Tasks | Read-only access to all tasks. | Does not allow editing task fields. |
| Edit All Tasks | Edit all tasks, not only tasks authored by the user. | Does not allow changing approval, closed, or assignee fields by itself. |
| Approve Tasks | Approve tasks and close tasks. | Requires Edit All Tasks. This is approval authority, not a general edit grant by itself. |
| Manage Assignees | Change who is assigned to tasks. | Requires Edit All Tasks. This is assignee-management authority, not a general edit grant by itself. |
| Receive Notifications | Add the user as an observer candidate for task emails on tasks the user can read. | Does not grant task access and does not guarantee an email will send. |
| Manage Task Taxonomy | Create and edit task categories and tags. | Requires task edit access. |
| View Reports | Access the Reports screen in the admin menu. | Report results can still be limited by task permissions, and some reports may be admin-only. |
User-Specific Permission Overrides
User-specific overrides are global changes for one user. They are useful when one person needs access that differs from the rest of their WordPress role.
In Users mode, the Permission Summary shows permissions From Role and Custom Overrides. A custom override can be Granted or Denied. This matters when a user inherits a permission from a role but should not have that permission individually.
Use Delete Override to remove a user’s custom override and return that user to the normal permissions from their WordPress role.
Task-Specific Permission Overrides
Task-specific overrides apply only to one parent task and its subtasks. They are managed from the Permission Overrides box on a saved parent task.
| Task override | What it allows on that task |
|---|---|
| Read | View this specific task. |
| Edit | Edit this specific task’s ordinary task data, such as title, description, and custom fields. |
| Approve | Approve or close this specific task. This also gives enough access to reach and edit that task. |
| Manage Assignee | Change the assignee on this specific task. This also gives enough access to reach and edit that task. |
| Delete | Delete this specific task. This also gives enough access to reach and edit that task. |
Task-specific overrides are grants. They do not remove access that a user already has from their role or user-specific global permissions. If a user already has broad edit access, removing a task-specific override will not necessarily make the task read-only for that user.
Subtasks inherit task-specific overrides from the parent task. If you open a subtask, OrbitalWP tells you that permissions for the subtask are inherited from the parent task and links you to manage permissions on the parent task.
Assignment Access
Assignment is dynamic task access. A user who is assigned to a task can read that task. A user assigned to a parent task can also receive inherited access for descendant tasks in that task tree.
Assignment access is intentionally narrow. Assigned users can mark assigned work complete or incomplete when the task is not locked, but assignment alone does not let them change ordinary fields such as title, description, priority, dates, percent complete, custom fields, post status, approval status, closed state, or assignee.
Field-Level Restrictions
Some fields have stricter rules than general task editing. A user may be able to edit a task and still be unable to change one of these fields.
- Approval status requires Approve Tasks or a task-specific Approve override.
- Closed status requires Approve Tasks or a task-specific Approve override.
- Assignee changes require Manage Assignees or a task-specific Manage Assignee override.
- Completion can be changed by users with task edit access and by assigned users when the task is not locked.
- User-created custom fields follow ordinary task edit access unless the field is one of the restricted workflow fields above.
Approval status appears on parent tasks, not subtasks. If a task is a subtask, approval controls are not shown for that subtask.
Approved Task Protection
Approved Task Protection is controlled from Orbital > Plugin Settings > General in the Access Control card. The setting label is Lock Approved Tasks.
When Lock Approved Tasks is enabled, approved tasks are protected from ordinary edits. Users without approval authority cannot edit approved tasks. Completion and percent complete controls may also show a lock. If a task or parent task is locked because it is approved, change the approval status first before trying to edit completion or progress.
Approved parent tasks can also lock completion and progress changes on descendant tasks. This prevents users from changing the progress of work that belongs under an approved parent until the parent approval status changes.
Important Controls And Settings
- Select All checks every visible permission for the current role or selected user.
- Clear All removes the visible permission selections for the current role or selected user.
- Reset to Default restores the default permissions for a role.
- Summary opens a preview of the active permissions.
- Save Permissions saves changes on the Permission Settings page.
- Delete Override removes a user’s user-specific override.
- Search to add a user… is used inside a task’s Permission Overrides box to add a user to that task.
- Permission Overrides task changes save automatically after you toggle a permission.
What Affects What You See
Different users can see different OrbitalWP menus, tasks, fields, reports, and controls. The result depends on several access layers.
- Administrators can open Permission Settings and always have all OrbitalWP permissions.
- Users with task permissions, task-specific overrides, or assigned tasks can see the Orbital admin menu.
- The Permission Settings submenu is for administrators.
- The Reports submenu appears for administrators and users with View Reports.
- Task views show only tasks the user can read.
- Read-only access can show task data without showing edit controls.
- Task filters and closed-task preferences can hide tasks even when the user has permission to read them.
- Timeline View and Calendar View depend on task dates, so tasks without dates may not appear there even if they appear in Board View or List View.
- Approved Task Protection can lock completion and progress controls even when a user normally has edit access.
Permissions And Notifications
Receive Notifications does not give a user permission to read tasks. It only allows a readable-task observer to be considered for email notifications.
Even when a user has Receive Notifications, OrbitalWP still checks whether the user can read the task before rendering task email content. Emails can also be stopped by Enable Email Notifications, the individual Notification Types settings, Notify on Own Actions, Mute all notifications for my account, per-task mute state, or a missing email address.
On a task, the Notifications section can show Active or Muted when notifications are enabled. Muting a task affects that user’s task notifications without changing task permissions.
Deeper Notes
Global special permissions and task-specific overrides behave differently. Approve Tasks and Manage Assignees are global special permissions. They require Edit All Tasks and do not grant broad edit access by themselves. Task-specific Approve and Manage Assignee are stronger for one task because they also give the user enough access to reach and operate that specific task.
Edit Own permissions are based on task authorship. If a user can edit their own tasks, that does not mean they can edit a task authored by someone else unless another access layer grants it.
Task-specific Read, Edit, Approve, Manage Assignee, and Delete overrides inherit from a parent task to its subtasks. Set them on the parent task when you want them to apply to the task tree.
Report counts can differ between users because report queries respect task permissions. A user who can see fewer tasks may also see different report totals than an administrator.
Common Problems
I Cannot See Permission Settings
Permission Settings is an administrator-only area. Ask an administrator to open Orbital > Permission Settings and check your role or user-specific override.
A User Cannot See The Orbital Menu
The user needs some form of OrbitalWP task access. Check whether the user has a role permission, a user-specific permission override, a task-specific override, or an assigned task.
A Task Is Missing From A View
First check read access. The task must be readable by the current user through role permissions, assignment, or a task-specific override. Then check filters, closed-task preferences, and whether the view requires dates. Timeline View and Calendar View need dates; Board View and List View can still show tasks without dates.
A User Can View A Task But Cannot Edit It
The user may have Read All Tasks, a Read task-specific override, or assignment access. Those can allow visibility without broad edit rights. Check whether the user has Create and Edit Own Tasks, Edit All Tasks, a task-specific Edit override, or authorship of the task when own-task access is being used.
A User Can Edit A Task But Cannot Change Approval, Closed, Or Assignee
Those are restricted workflow fields. Approval status and closed status require Approve Tasks or a task-specific Approve override. Assignee changes require Manage Assignees or a task-specific Manage Assignee override.
A Completion Or Progress Field Is Locked
The task or one of its parent tasks may be approved while Lock Approved Tasks is enabled. Change the approval status first, or ask someone with approval authority to review the task.
I Cannot Add Permission Overrides On A Subtask
Subtasks inherit task-specific overrides from their parent task. Open the parent task and use Permission Overrides there.
The Permission Overrides Box Says To Save The Task First
Task-specific overrides can only be set after the task exists. Save the task, refresh the edit screen, and then add the user in Permission Overrides.
A User Does Not Receive A Notification Email
Check task read access first. Then check Orbital > Plugin Settings > Notifications for Enable Email Notifications, the relevant Notification Types setting, Notify on Own Actions, Mute all notifications for my account, and whether the task itself is Muted for that user. Also confirm the user has a valid email address.
Reports Are Missing Or Counts Look Different
The user needs View Reports to access the Reports screen unless they are an administrator. Report results can also be permission-scoped, so a user with narrower task access may see different totals than an administrator.