Title: User Level Security Last modified: July 7, 2023 --- # User Level Security * Resolved [drjoeward](https://wordpress.org/support/users/drjoeward/) * (@drjoeward) * [2 years, 11 months ago](https://wordpress.org/support/topic/user-level-security-2/) * Anyone able to get this to have user level security. I need to have a document manager that allows users to upload files (prefereably with revisions and notes/ comments per revision) but cannot allow users to see each others files (or folders for that matter) but an higher level user (editorial staff) has a way to see everything. Just wondering if anyone has any experience or know of any addons( I’m not afraid of php code!) to make such a thing possible. Viewing 2 replies - 1 through 2 (of 2 total) * Plugin Contributor [nwjames](https://wordpress.org/support/users/nwjames/) * (@nwjames) * [2 years, 11 months ago](https://wordpress.org/support/topic/user-level-security-2/#post-16879945) * [@drjoeward](https://wordpress.org/support/users/drjoeward/), * Overall this comes with the delivered functionality. * Define your normal users as Contributors. When they upload documents, these are created as Private. * They can enter comments in the Excerpt field, but like WordPress comments are linked to the overall post, not the individual revisions. * Other Contributors can only see their own documents. * Contributors cannot publish documents, i.e. make them available to every one else. * Those with the Editor role can see (or update) all documents. * When you refer to folders, all uploads are done into the standard uploads folder– normally divided into year/month sub-folders. * The logical sub-division is done by assigning categories or tags to the items. Since the document is private and the access is determined before display, then your contributors will only see their own documents. * Access using the WordPress interface will give you the security required. * It is worthwhile to recap how documents are stored in the uploads directory. Each file is stored as a MD5-hash of the original file name abd the time it was uploaded. This means that a file called `fred.pdf` will be stored as a name like` 6079663a66cd2eec4be39f8f5d57e003.pdf`. * If you are able to guess that name (and possibility the month sub-directory) and enter that into your URL, then you will be able to bypass WordPress processing and download the file directly. The plugin takes some care to hide this hashed name from you. It is possible to update your .htaccess file to stop this if it is perceived to be a real problem. * Hope this is of use, * Neil James * Plugin Contributor [nwjames](https://wordpress.org/support/users/nwjames/) * (@nwjames) * [2 years, 10 months ago](https://wordpress.org/support/topic/user-level-security-2/#post-16917165) * Because I believe the above answered the question and there were no follow-ups over the last two weeks, I’ll marked this as resolved. * Neil James Viewing 2 replies - 1 through 2 (of 2 total) The topic ‘User Level Security’ is closed to new replies. * ![](https://s.w.org/plugins/geopattern-icon/wp-document-revisions_6c6c6c.svg) * [WP Document Revisions](https://wordpress.org/plugins/wp-document-revisions/) * [Support Threads](https://wordpress.org/support/plugin/wp-document-revisions/) * [Active Topics](https://wordpress.org/support/plugin/wp-document-revisions/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wp-document-revisions/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wp-document-revisions/reviews/) * 2 replies * 2 participants * Last reply from: [nwjames](https://wordpress.org/support/users/nwjames/) * Last activity: [2 years, 10 months ago](https://wordpress.org/support/topic/user-level-security-2/#post-16917165) * Status: resolved