These are actually two questions. The second question – how to add categories to attachments – is already answered.
How to restrict uploading attachment to a specific role?
The capability to do that is named upload_files
in WordPress. Some roles have this capability by default: authors, editors, administrators.
I would restrict it to editors and administrators. You can use a run-once plugin for that:
<?php
/* Plugin Name: Change Roles */
add_action( 'admin_notices', 't5_change_roles', 0 );
// Fires on the plugin activation screen just once.
function t5_change_roles()
{
global $wp_roles;
if ( ! isset( $wp_roles ) )
$wp_roles = new WP_Roles;
$existing_roles = get_editable_roles();
foreach ( $existing_roles as $name => $role )
{
if ( 'administrator' === $name )
continue;
if ( 'editor' === $name )
continue;
$wp_roles->remove_cap( $name, 'upload_files' );
}
// Suppress "Plugin activated" notice.
unset( $_GET['activate'] );
print '<div class="updated"><p>Roles are updated, plugin deactivated.</p></div>';
}
But you can also use a plugin like Members and edit the roles per user interface: