Oxygen 3.6 introduces a new "Client Control" tab under Oxygen -> Settings in the WordPress admin panel. There, you'll find that we've consolidated the Role Manager and Post Type manager into this tab.
By default, access to Oxygen is only available to administrators. Access to Oxygen can be granted to other user roles at Oxygen -> Settings -> Client Control -> Role Manager in the WordPress admin area.
Oxygen's role manager works with the WordPress default user roles, any additional user roles added by custom code, and any additional user roles added by 3rd party plugins such as User Role Editor.
Note: Edit Mode will only be available on sites activated with an Oxygen Agency license.
In the access level dropdown for roles & users, you'll find Full Access, No Access, and Edit Only options.
Full Access will grant the given role or user complete, unrestricted access to Oxygen.
No Access will restrict the given role or user from accessing Oxygen at all, including all admin settings pages.
When Edit Only is chosen for a role or user, several restrictions are imposed for that role or user:
- The Oxygen meta box is hidden. Instead, you'll find an Oxygen icon button in Gutenberg or a blue "Edit with Oxygen" button at the top of post edit screens using the Classic Editor.
- The "Oxygen" admin menu is replaced with a single "Templates" link.
- The Manage button in the builder is hidden. Edit Only users cannot access global settings, stylesheets, or selectors.
- The +Add button is hidden.
- The Conditions, Link, Duplicate, and Delete icons in the Properties Pane are hidden.
- The add class button in the Selector Dropdown is hidden.
- The copy, clear, and delete icons in the Selector Dropdown are hidden.
- The Advanced tab in the Properties Pane is hidden.
- Code Blocks cannot be clicked or edited.
- In the Structure Pane, the hamburger menu for elements is hidden.
- In the Structure Pane, the delete icon for elements is hidden.
- Drag & drop is disabled.
These restrictions make it safe to let a client into Oxygen as they can only change styling and content. There's no access to code, global styles or settings, deletion, or re-arranging of elements.
This, however, may be far too restrictive for some cases, so we've added some granular controls that appear once you've chosen "Edit Only" access for a role or user:
Enable Elements: Allows role/user access to insert, duplicate, and delete specified elements.
Enable Drag & Drop: Allows role/user to drag and drop elements in the builder.
Enable Reusable Parts: Allows role/user to add Reusable Parts.
Enable Design Library: Allows role/user to add elements from the Design Library.
Disable Classes: Prevents role/user from being able to modify a class that has been applied to an element.
In addition to these restrictions, you can also lock roles/users with Edit Only access completely out of Oxygen on specific posts using the new "Lock Post In Edit Mode" checkbox in the Oxygen meta box. This does not restrict the role/user's ability to access the WordPress editor for that post.
Per User Access
In addition to the Role Manager and Post Type manager controls, you'll also find a "Per User Access" control section that allows you to define access on a per-user basis. Settings defined here will override role-based settings for a given user.
Post Type Manager
By default, Oxygen's metabox appears on the Edit screens for all post types.
You can hide the Oxygen metabox from post types where you do not need it via Oxygen -> Settings -> Client Control -> Post Type Manager in the WordPress admin area.
IMPORTANT SECURITY INFORMATION
Full access to Oxygen should only be granted to trusted users. This is because Oxygen provides the ability to execute PHP code, so any user granted access to Oxygen could execute code to make themselves an administrator.