home/veldform/docs

Veldform / Docs

Roles & capabilities

Veldform uses its own set of capabilities, so you can control per role who builds forms, who reads entries and who touches the settings.

Capability Allows
vf_edit_forms Creating and editing forms
vf_edit_others_forms Editing forms created by other users
vf_publish_forms Making forms public
vf_delete_forms Deleting forms
vf_view_entries Viewing entries and downloading their uploaded files
vf_edit_entries Editing entry values, adding notes, re-running actions
vf_export_entries Exporting entries to CSV
vf_delete_entries Deleting entries
vf_manage_settings The Settings and Connections screens
vf_use_ai The AI form builder

On activation, administrators get all capabilities. Editors get everything except vf_manage_settings — so they can build forms and manage entries, but can't change plugin settings, the captcha keys or API connections.

Note that the entry capabilities are deliberately separate from the form capabilities: entries hold personal data, so being allowed to build forms doesn't automatically mean being allowed to read what visitors submitted.

Granting capabilities to other roles

Use any role editor plugin (like Members or User Role Editor) to assign the vf_* capabilities to other roles. Say you want your client to see entries without being able to touch the forms: give their role vf_view_entries and vf_export_entries, and nothing else.

You can also do it in code:

add_action( 'init', function () {
    $role = get_role( 'shop_manager' );
    if ( $role ) {
        $role->add_cap( 'vf_view_entries' );
        $role->add_cap( 'vf_export_entries' );
    }
} );

Capabilities are granted once, on plugin activation — they persist in your database like any WordPress capability, and removing the plugin's capabilities from a role won't be undone by an update.