What Is Least Privilege?
Assigning the correct user role is one of the most important ways to protect your Frame site. Each user should only have the access they need to complete their work.
Least privilege means giving each user the lowest level of access needed for their role.
Not every user needs Administrator access. Giving too much access can increase the risk of accidental changes, deleted content, broken layouts, or security issues if an account is compromised.
A user should only be able to access the tools and settings they actually need.
Why Role Assignment Matters
User roles control what each person can do on your Frame site.
Depending on their role, a user may be able to:
Create or edit pages
Publish content
Upload media
Manage other users
Change site settings
Install or manage plugins
Edit important parts of the site
Because some permissions can affect the entire site, roles should be assigned carefully.
General Rule
Use the lowest role that allows the user to do their job.
If a user only needs to write or update content, they usually do not need full administrative access.
Administrator access should only be given to trusted users who are responsible for managing the site at a high level.
Common Role Assignment Examples
Use these examples as a general guide when assigning roles in Frame.
User Type | Recommended Role | Access Needed |
|---|---|---|
Site owner or main administrator | Administrator | Needs full access to manage the site, users, and settings |
Pastor, principal, or communications lead managing content | Editor | Can manage and publish content without full site control |
Staff member writing posts or updates | Author or Contributor | Can help with content without accessing advanced settings |
Volunteer submitting draft content | Contributor | Can create drafts but should not manage the whole site |
Person only needing to view private content | Subscriber | Has basic account access only |
Temporary helper or intern | Contributor or Author | Gives limited access based on the work needed |
When to Use Administrator
Use the Administrator role only when the person needs full control of the Frame site.
Administrators may be able to manage users, site settings, plugins, themes, and important configuration areas.
Only trusted users should have Administrator access.
Good examples:
Main site owner
Primary web administrator
Trusted organization staff member responsible for the site
Frame support or approved technical support access when needed
Avoid giving Administrator access just because someone needs to edit a page or upload an image.
When to Use Editor
Use the Editor role for users who need to manage content across the site.
Editors may be able to create, edit, publish, and manage content created by other users.
Good examples:
Communications director
Church secretary
School office manager
Ministry leader managing multiple pages
Staff member responsible for site content
This role is helpful for people who manage content but do not need access to advanced site settings.
When to Use Author
Use the Author role for users who need to create and publish their own content.
Good examples:
Blog writer
News writer
Ministry update writer
Staff member posting recurring updates
This role is useful when a person should manage their own posts but does not need control over other users’ content.
When to Use Contributor
Use the Contributor role for users who need to write content but should not publish it themselves.
Good examples:
Volunteer writer
Student worker
Intern
Ministry assistant
Guest contributor
This is a good role for users who need review before their content goes live.
When to Use Subscriber
Use the Subscriber role for users who only need basic account access.
Good examples:
Users who only need to log in
Users who need access to restricted content
Users who do not need editing permissions
Subscribers should not be used for people who need to edit or manage site content.
Temporary Access
If someone only needs access for a short time, give them the lowest role needed and remove access when the work is complete.
Examples of temporary access:
Event volunteer helping update a page
Contractor working on content
Intern helping with posts
Staff member covering for someone else
Do not leave temporary accounts active after they are no longer needed.
Review User Roles Regularly
Site owners should review user accounts from time to time to make sure each person still needs access.
Check for:
Users who no longer work with the organization
Volunteers who no longer need access
Temporary accounts that were never removed
Users with Administrator access who do not need it
Old accounts that have not been used recently
If a user no longer needs access, remove their account or lower their role.
Best Practices for Assigning Roles
When assigning roles in Frame:
Give each person their own account
Use the lowest role needed
Avoid sharing logins
Limit Administrator access
Remove users who no longer need access
Review roles regularly
Use strong passwords for every account
Use a password manager when possible
What Not to Do
Avoid these common mistakes:
Giving everyone Administrator access
Sharing one login between multiple people
Keeping old staff or volunteer accounts active
Giving full access for a small content update
Forgetting to remove temporary users
Using weak or reused passwords
These issues can increase the chance of accidental changes or unauthorized access.
Role Assignment Checklist
Before creating or updating a user account, ask:
Does this person need access to Frame?
What task do they need to complete?
What is the lowest role that allows them to do that task?
Do they need to publish content, or should someone review it first?
Do they need access temporarily or long term?
Should their access be removed after the work is complete?
Summary
Least privilege means giving users only the access they need. This helps protect your Frame site from accidental changes, unnecessary risk, and unauthorized access.
For most users, Administrator access is not needed. Choose the role that matches the person’s responsibilities, review access regularly, and remove users who no longer need access.
What role should I give someone who only needs to edit pages?
Use the lowest role that allows them to complete their work. If they only need to help with content, they usually do not need Administrator access.
Should every user be an Administrator?
No. Administrator access should only be given to trusted users who need to manage important site settings, users, or advanced tools. Most users should have a lower role.
What is the safest role for a volunteer or temporary helper?
For most volunteers or temporary helpers, start with a lower role such as Contributor or Author, depending on whether they need to publish content. Remove their access when the work is complete.
What does least privilege mean?
Least privilege means giving each user only the access they need to do their job. This helps protect your Frame site from accidental changes, unnecessary risk, and unauthorized access.
Can multiple people share one login?
No. Each person should have their own user account. Shared logins make it harder to manage access and can increase security risks.
What should I do if someone no longer needs access?
Remove their account or lower their role. Do not leave old staff, volunteer, or temporary accounts active if they are no longer needed.