BricksMembers now includes a dedicated Roles & Permissions screen for managing WordPress roles, BRM-specific capabilities, admin access rules, and bulk user-role changes from one place. This guide explains when to use WordPress roles, when to use BricksMembers user levels, and how to manage both safely.
What you’ll learn:
- How WordPress roles differ from BricksMembers user levels
- How to create, clone, edit, and delete WordPress roles
- How to assign BRM capabilities to staff roles without giving full Administrator access
- How to bulk update user roles from the Users tab
- How snapshots, export, and import help you make safe role changes
- Best practices for admin lockout and role planning
Roles vs User Levels
This is the most important distinction:
- WordPress roles control what a user can do in WordPress and BRM admin surfaces. Examples: Subscriber, Editor, Administrator, or a custom role such as Student Support.
- BricksMembers user levels control content access, enrollments, drip behavior, and member-facing restrictions. Examples: Free, Premium, Course A, Workshop Cohort.
Rule of thumb: use user levels for access and membership logic, and use roles for admin/staff permissions or for integrations that need a specific WordPress role.
Open the Roles & Permissions Screen
- Go to BricksMembers → Roles & Permissions
- Use the Roles tab to manage role definitions and capabilities
- Use the Users tab to assign roles to individual users or in bulk
If you previously used older settings-based role tools, this page is now the main place to manage BRM-aware WordPress roles.
Create or Clone a Role
Create a new role
- Open BricksMembers → Roles & Permissions → Roles
- Enter a role name
- Optionally enter a custom role slug
- Click Create role
After creating the role, open Edit caps to choose the BricksMembers and WordPress capabilities that role should receive.
Clone an existing role
Cloning is the fastest and safest way to build a new staff role.
- Find the existing role you want to copy
- Click Clone
- Enter a name for the cloned role
- Review the copied permissions and adjust them if needed
Example: Clone Editor into “Course Reviewer” or clone Subscriber into “Student” and then only add the BRM capabilities you actually need.
Edit BRM Capabilities
Each role can have:
- BricksMembers capabilities for BRM pages and actions
- WordPress core capabilities when you need deeper WordPress access
To edit a role:
- Click Edit caps on the role
- Enable only the BRM capabilities that role needs
- Expand the advanced section only if you also need WordPress core capabilities
- Save the role
Tip: If someone only needs to manage BRM features, give them BRM capabilities instead of full Administrator access.
Control wp-admin Access
The Admin lockout toggle lets you block selected roles from reaching /wp-admin while keeping their frontend BRM experience intact.
- Use this for member-facing roles that should never enter the dashboard
- Do not use this on a role until you have tested it with a spare account
- Administrator stays protected, so you always keep a full-access fallback role
Best practice: Keep at least one Administrator account untouched while you test new lockout rules.
Assign Roles to Users
The Users tab is designed for bulk role changes.
- Open BricksMembers → Roles & Permissions → Users
- Search for a user or filter by role
- Select one or many users
- Choose the role action you want to apply
- Confirm the update
This is useful when you onboard a support team, move instructors into a custom BRM admin role, or clean up legacy user roles after a migration.
Use Snapshots, Export, and Import Before Big Changes
Snapshots
A snapshot stores a point-in-time copy of your role definitions. Capture one before a major cleanup, before importing a role set, or before removing old roles.
Export
Export creates a JSON file of the current role definitions so you can keep a backup or move the same role setup to another site.
Import
Import applies a previously exported JSON file to the current site. Review the roles on the target site first so you understand what will change.
Deleting a Role Safely
When a role still has users or BRM references, BricksMembers asks for a replacement role before deletion. This helps avoid leaving users or role-linked settings behind.
Recommended flow: capture a snapshot, delete the old role, choose a replacement role, then test with a user account that has the replacement role.
Common Use Cases
- Student role: Keep normal members on Subscriber or a custom Student role, then use BRM user levels for content access.
- Support role: Create a support/staff role with only the BRM pages and actions your team actually needs.
- Instructor role: Clone an existing editorial role, add the BRM capabilities you need, and test the result with a non-admin account.
- Webhook-created users: If an integration or webhook creates users, you can choose one of your custom roles as the default WordPress role for those users.
Best Practices
- Use user levels for membership access. Use roles for WordPress or BRM admin permissions.
- Avoid giving regular members Administrator, Editor, or other high-trust roles just to unlock BRM features.
- Create a snapshot before large role edits, imports, or deletions.
- Test new roles with a separate account before assigning them widely.
- If you use admin lockout, always keep one unaffected Administrator account available.
Once roles are set up correctly, you can keep member-facing access logic inside BRM user levels while safely delegating BRM admin work to staff, instructors, and support users.