Custom role for maintaining members only

I would like to be able to define a new role that would allow a user to maintain membership records without giving them too much other capability. Specifically, I would like them to be able to add, update, and export membership records without giving them the ability to do much other damage. I have installed the “user role editor” plugin and started with an administrator role but as soon as I start removing capabilities the ability to get to the dashboard goes away. Advice?

Thanks for your inquiry. ~ We appreciate your patience :-)

s2Member® does NOT support back-end restrictions, so I can’t give detailed support on this, but I’ll throw some ideas your way. Generally speaking, you would create a new WordPress Role with the following Capabilities.

Step #1.

New Role: User Manager (user_manager)
I recommend using this plugin: Enhanced Capability Manager

Give the User Manager Role these Capabilities.

read
level_0
list_users
edit_users
add_users
create_users
delete_users
remove_users
promote_users
access_s2member_level0
access_s2member_level1
access_s2member_level2
access_s2member_level3
access_s2member_level4

Step #2

We can tweak s2Member® a bit to make everything work a little more intuitively here.

Please create this directory and file:
/wp-content/mu-plugins/s2-hacks.php
(NOTE: these are MUST USE plugins, see: http://codex.wordpress.org/Must_Use_Plugins)
(See also: http://www.s2member.com/kb/hacking-s2member/)

<?php
// Don't lock the admin panel if the current User can edit_post or edit_users.
// See also: s2Member -> General Options -> Profile Modifications (in case this is enabled).

add_filter('ws_plugin__s2member_admin_lockout', 'lock_admin_panel');
function lock_admin_panel($what_s2_says)
	{
		if(current_user_can('edit_posts') || current_user_can('edit_users'))
			return FALSE;
		return $what_s2_says; // Default return value.
	}

// Don't redirect those who can edit_posts or edit_users to the Login Welcome Page.
// Instead of redirecting them to the Login Welcome Page for s2Member®, we can leave them in the Dashboard.

add_filter('ws_plugin__s2member_login_redirect', 'login_redirect');
function login_redirect($what_s2_says)
	{
		if(current_user_can('edit_posts') || current_user_can('edit_users'))
			return FALSE;
		return $what_s2_says; // Default return value.
	}

// Don't show the s2Member® administrative menu to the User Manager Role in the Dashboard.
add_filter('ws_plugin__s2member_during_add_admin_options_create_menu_items', 'create_s2_menu_items');
function create_s2_menu_items($what_s2_says)
	{
		if(current_user_is('user_manager'))
			return FALSE;
		return $what_s2_says; // Default return value.
	}

KB article created from this post.
http://www.s2member.com/kb/creating-a-user-manager-role/

Thanks very much for the suggestions. The first two filters accomplish allowing the User Manager to access the user records but the third prevents the User Manager from getting at s2member’s Import/Export function which is also needed. Is there any practical way to access only the Export function?

Thanks for the follow-up :-)

Along with the last Filter that I posted in the KB article, try something like this please.

// Don't show the s2Member® administrative menu to the User Manager Role in the Dashboard.
// However, we WILL create a new menu that allows User Manager access to s2Member's Import/Export page.

add_filter('ws_plugin__s2member_during_add_admin_options_create_menu_items', 'create_s2_menu_items');
function create_s2_menu_items($what_s2_says)
	{
		if(current_user_is('user_manager'))
			{
				add_menu_page('Import/Export', 'Import/Export', 'user_manager', 's2-import-export', 'c_ws_plugin__s2member_pro_menu_pages::import_export_page');
				return FALSE;
			}
		return $what_s2_says; // Default return value.
	}

Thanks even more, that works great.