Permissions and presets
How capability presets, WordPress roles, and confirmation tokens combine to keep AI agents inside the boundaries you set.
Each connection in Axtolab AI Connector is gated by two layers of permission:
- The connection’s capability preset. This decides which AI tools appear in the client’s tool list. If a preset does not include a capability group, the AI client never sees the matching tools at all.
- The connected WordPress user’s role. Even if a tool is exposed, the connected user still needs WordPress’s underlying capability to act. The plugin never elevates beyond what the user could do in wp-admin.
Both layers must allow an action for it to succeed. That is why creating a connection with the Admin path but the Read only preset is safe: the user could in theory publish, but the preset hides every publish tool from Claude.
Capability groups
Capabilities are organised into named groups:
- read — list posts, search content, retrieve a single post or media item (always on).
- create_edit — create drafts, update content, clone an existing post.
- publish — publish or schedule a post (requires a confirmation token).
- trash_restore — move content to trash, restore from trash (requires a confirmation token).
- media_manage — upload media, set featured images, update alt text.
- taxonomy — create and assign categories and tags.
- authors — list authors and reassign post authors.
- seo — read and write SEO fields (Yoast SEO, Rank Math, or AIOSEO).
- image — image workflows when image providers are configured.
- upload_portal — drag-and-drop upload sessions for non-technical users.
Presets
You usually pick a preset rather than choose groups individually. Presets are starting points; you can always switch to custom to fine-tune.
- Read only — read. Use for monitoring, audits, or research-only agents.
- Draft only — read, create_edit, media_manage, taxonomy, seo, image, upload_portal. No publish, no trash. Great for first-time setup.
- Content manager — Draft only plus publish, authors. Editorial agents that should not delete things.
- Standard — Content manager plus image, upload_portal. Default for most teams.
- Full access — Standard plus trash_restore. Use only for trusted agents.
- Media manager — read, media_manage. Asset organisation, alt-text fill-in.
- SEO specialist — read, seo. SEO assistants that should not touch content.
- Custom — pick groups individually.
Confirmation tokens
For destructive or visible actions — publish, trash, restore — the connector requires the AI to first request a confirmation token. The flow is:
- The AI calls a “request review” tool with what it intends to do.
- The connector issues a single-use, time-limited token.
- The AI passes that token with the destructive call.
- If the token does not match or has been used, the call fails.
This stops an AI from publishing or deleting in a single step. It is also a useful audit signal — every destructive action has a corresponding token request you can review later.
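The four-step flow above, as an added example that models it in Python. This is not the connector's own code: `ConfirmationStore`, `request_review`, `consume`, `publish_post` and the 300-second lifetime in `TOKEN_TTL_SECONDS` are assumptions made for the illustration, and the scenario data is constructed. It shows what a single-use, time-limited token has to reject: a missing token, a token issued for a different target, a replayed token and an expired one, while every request and confirmation lands in an audit list.

```python
import secrets
import time

# Added example: a minimal model of the request-review / confirmation-token
# handshake. ConfirmationStore, request_review, consume and TOKEN_TTL_SECONDS
# are names chosen for this example, not the connector's actual API.

TOKEN_TTL_SECONDS = 300          # assumed lifetime; the real value is not documented here
REVIEWED_ACTIONS = {"publish", "trash", "restore"}


class ConfirmationStore:
    """Issues single-use, time-limited tokens bound to one intended action."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}   # token -> (action, target_id, issued_at)
        self.audit = []      # every request and every confirmation, for later review

    def request_review(self, action, target_id):
        """Step 1: the AI declares what it intends to do and receives a token."""
        if action not in REVIEWED_ACTIONS:
            raise ValueError(f"{action!r} does not require a confirmation token")
        token = secrets.token_urlsafe(32)            # 256 bits of randomness, unguessable
        self._pending[token] = (action, target_id, self._clock())
        self.audit.append(("requested", action, target_id))
        return token

    def consume(self, token, action, target_id):
        """Steps 3 and 4: validate the token the AI passed with the destructive call.

        Returns (ok, reason). The token is removed on first presentation whatever
        the outcome, so a token presented for the wrong action or target is burnt
        and the AI has to request review again.
        """
        record = self._pending.pop(token, None)
        if record is None:
            return False, "unknown or already used token"
        issued_action, issued_target, issued_at = record
        if self._clock() - issued_at > TOKEN_TTL_SECONDS:
            return False, "token expired"
        if (issued_action, issued_target) != (action, target_id):
            return False, "token was issued for a different action or target"
        self.audit.append(("confirmed", action, target_id))
        return True, "confirmed"


def publish_post(store, post_id, token):
    """The destructive tool itself: it refuses to act unless the token checks out."""
    ok, reason = store.consume(token, "publish", post_id)
    return {"published": ok, "post_id": post_id, "reason": reason}


def run_scenario():
    """Walk through the flow with a controllable clock; returns each outcome."""
    now = [1_000.0]                                   # constructed clock, seconds
    store = ConfirmationStore(clock=lambda: now[0])
    token = store.request_review("publish", 42)
    results = {
        "no_token": publish_post(store, 42, ""),
        "wrong_post": publish_post(store, 43, token),  # burns the token
        "after_burn": publish_post(store, 42, token),
    }
    token = store.request_review("publish", 42)
    results["first_use"] = publish_post(store, 42, token)
    results["replay"] = publish_post(store, 42, token)
    token = store.request_review("publish", 42)
    now[0] += TOKEN_TTL_SECONDS + 1                   # let the token age out
    results["expired"] = publish_post(store, 42, token)
    results["audit"] = list(store.audit)
    return results
```

The audit list is the signal the paragraph above describes: three `requested` entries and exactly one `confirmed` entry for post 42, so a confirmed action with no matching request, or far more requests than confirmations, is something to look at.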
Combining preset with WordPress role
The connected WordPress user’s role determines the maximum the AI can do, regardless of preset:
- An Editor user can publish and edit any post.
- An Author user can publish and edit their own posts only.
- A Contributor user can submit drafts only; they cannot publish.
- A Subscriber user can usually do almost nothing.
Pair this with a narrow preset for tighter control. For example, a connection authenticated as a Contributor with the Standard preset still cannot publish, because WordPress itself denies that user the capability.
For most setups, pick the lowest-privilege WordPress role that still lets the workflow happen, and use a preset that matches the workflow.
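The two layers described at the top of this page and in this section, as an added example in Python that is not the plugin's code. `PRESETS` mirrors the groups listed on this page; `ROLE_CAPS` is a simplified subset of WordPress core capabilities (the real role tables are larger); the `TOOLS` map, the `OTHERS_VARIANT` shortcut standing in for WordPress's `map_meta_cap`, and the functions `visible_tools` and `authorize` are assumptions for the illustration. The point it makes runnable: the preset decides what is exposed, the role decides what succeeds, and both have to agree.

```python
# Added example: the two permission layers modelled as plain data. PRESETS
# mirrors the groups this page lists; ROLE_CAPS is a simplified subset of
# WordPress core capabilities; TOOLS, OTHERS_VARIANT, visible_tools and
# authorize are names chosen for this example, not the plugin's real code.

_DRAFT_ONLY = {"read", "create_edit", "media_manage", "taxonomy", "seo", "image", "upload_portal"}
_CONTENT_MANAGER = _DRAFT_ONLY | {"publish", "authors"}
_STANDARD = _CONTENT_MANAGER | {"image", "upload_portal"}

# Layer 1: which capability groups a preset exposes to the AI client.
PRESETS = {
    "Read only": {"read"},
    "Draft only": _DRAFT_ONLY,
    "Content manager": _CONTENT_MANAGER,
    "Standard": _STANDARD,
    "Full access": _STANDARD | {"trash_restore"},
    "Media manager": {"read", "media_manage"},
    "SEO specialist": {"read", "seo"},
}

# Layer 2: what each WordPress role may do, independent of the connector
# (simplified; real WordPress roles carry more capabilities than this).
ROLE_CAPS = {
    "administrator": {"read", "edit_posts", "edit_others_posts", "publish_posts",
                      "delete_posts", "delete_others_posts", "upload_files", "manage_categories"},
    "editor":        {"read", "edit_posts", "edit_others_posts", "publish_posts",
                      "delete_posts", "delete_others_posts", "upload_files", "manage_categories"},
    "author":        {"read", "edit_posts", "publish_posts", "delete_posts", "upload_files"},
    "contributor":   {"read", "edit_posts", "delete_posts"},
    "subscriber":    {"read"},
}

# tool name -> (capability group that exposes it, WordPress capability it needs)
TOOLS = {
    "list_posts":      ("read",          "read"),
    "create_draft":    ("create_edit",   "edit_posts"),
    "update_post":     ("create_edit",   "edit_posts"),
    "publish_post":    ("publish",       "publish_posts"),    # also needs a confirmation token
    "trash_post":      ("trash_restore", "delete_posts"),     # also needs a confirmation token
    "upload_media":    ("media_manage",  "upload_files"),
    "create_category": ("taxonomy",      "manage_categories"),
}

# Acting on somebody else's post needs the *_others_posts variant, which is
# what WordPress's map_meta_cap resolves edit_post / delete_post to.
OTHERS_VARIANT = {"edit_posts": "edit_others_posts", "delete_posts": "delete_others_posts"}


def visible_tools(preset):
    """Layer 1: the tool list the AI client is shown for a given preset."""
    groups = PRESETS[preset]
    return sorted(name for name, (group, _) in TOOLS.items() if group in groups)


def authorize(preset, role, tool, user=None, post_author=None):
    """Both layers must allow the call. Returns (allowed, reason)."""
    group, cap = TOOLS[tool]
    if group not in PRESETS[preset]:
        # The client never saw this tool; a direct call is refused too.
        return False, f"{tool} is not exposed by the {preset} preset"
    caps = ROLE_CAPS[role]
    if cap not in caps:
        return False, f"WordPress role {role} lacks {cap}"
    if post_author is not None and post_author != user and cap in OTHERS_VARIANT:
        needed = OTHERS_VARIANT[cap]
        if needed not in caps:
            return False, f"WordPress role {role} lacks {needed}"
    return True, "allowed by preset and role"
```

`authorize("Read only", "administrator", "publish_post")` fails at the preset layer even though the user could publish, and `authorize("Standard", "contributor", "publish_post")` fails at the role layer even though the tool is exposed; the `post_author` argument reproduces the Author-versus-Editor difference in the list above. The confirmation token that publish and trash additionally require is a third check layered on top of this one and is not modelled here.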
Recommended starting points
| Use case | Preset | Suggested WordPress role |
|---|---|---|
| First-time setup, exploring the connector | Draft only | Admin (for setup), then narrow |
| Editorial workflows with publish | Content manager | Editor |
| Single-author drafts only | Draft only | Author |
| Audit or read-only research | Read only | Editor (read everywhere) |
| Asset / alt-text agent | Media manager | Editor or a dedicated user |
| SEO-only agent | SEO specialist | Editor |
Changing a connection’s preset later
You can change the preset on any active connection.
- In WordPress admin, open AI Connector → Connections.
- Click the connection you want to update.
- Change the preset or capability groups.
- Save.
The change applies on the AI client’s next request. You do not have to revoke and re-issue the token.
If you make the preset narrower, the AI loses access to tools immediately. If you make it wider, the new tools appear after the client’s next handshake. Some clients only handshake at startup, so a restart can speed up the change.
Kill switch
If something is going wrong and you want to stop all AI activity right now, use the kill switch at the top of AI Connector → Connections. The switch pauses every connection on the site without revoking any of them — flip it back when you are ready and connections resume.
Use it when:
- An agent is misbehaving and you need to stop it immediately.
- You are doing maintenance work and want zero AI traffic.
- You are investigating an audit log entry.
Revoking versus pausing
- Revoke — permanent. The token and connection record are removed. To reconnect, repeat the setup flow.
- Pause (kill switch) — temporary. Connection records survive; AI activity resumes when you flip the switch back.
For an agent you have lost confidence in, revoke. For a planned interruption, pause.
Where to go next
- Troubleshooting — common permission and connection issues
- Connect Claude Desktop
- Connect Claude Web or ChatGPT