Veldform / Docs
Roles & capabilities
Veldform uses its own set of capabilities, so you can control per role who builds forms, who reads entries and who touches the settings.
| Capability | Allows |
|---|---|
vf_edit_forms |
Creating and editing forms |
vf_edit_others_forms |
Editing forms created by other users |
vf_publish_forms |
Making forms public |
vf_delete_forms |
Deleting forms |
vf_view_entries |
Viewing entries and downloading their uploaded files |
vf_edit_entries |
Editing entry values, adding notes, re-running actions |
vf_export_entries |
Exporting entries to CSV |
vf_delete_entries |
Deleting entries |
vf_manage_settings |
The Settings and Connections screens |
vf_use_ai |
The AI form builder |
On activation, administrators get all capabilities. Editors get everything except vf_manage_settings — so they can build forms and manage entries, but can't change plugin settings, the captcha keys or API connections.
Note that the entry capabilities are deliberately separate from the form capabilities: entries hold personal data, so being allowed to build forms doesn't automatically mean being allowed to read what visitors submitted.
Granting capabilities to other roles
Use any role editor plugin (like Members or User Role Editor) to assign the vf_* capabilities to other roles. Say you want your client to see entries without being able to touch the forms: give their role vf_view_entries and vf_export_entries, and nothing else.
You can also do it in code:
add_action( 'init', function () {
$role = get_role( 'shop_manager' );
if ( $role ) {
$role->add_cap( 'vf_view_entries' );
$role->add_cap( 'vf_export_entries' );
}
} );
Capabilities are granted once, on plugin activation — they persist in your database like any WordPress capability, and removing the plugin's capabilities from a role won't be undone by an update.