How to not let a user with a new role edit users that have administrator role?

Is there a filter for that?

Yup, there is, and the hook name is user_has_cap.

So try this, which worked for me in WordPress 5.6.1 (latest release as of writing):

add_filter( 'user_has_cap', 'wpse_383109', 10, 4 );
function wpse_383109( $allcaps, $caps, $args, $user ) {
    if ( empty( $args[2] ) || 'edit_user' !== $args[0] ||
        ! in_array( 'suporte', $user->roles )
    ) {
        return $allcaps;
    }

    $user2 = get_userdata( $args[2] );
    if ( $user2 && in_array( 'administrator', $user2->roles ) ) {
        $allcaps['edit_users'] = false;
    }

    return $allcaps;
}

And with that, for example on the Users → All Users admin page (wp-admin/users.php), users with the Suporte role can see the list of Administrators on the site, but the Suporte users won’t be able to edit an Administrator.

And if you wonder, here’s what the above code or function does:

  1. empty( $args[2] ) || 'edit_user' !== $args[0] — this ensures that the requested capability is edit_user and that a specific user ID ($args[2]) is provided. So for example, the condition is true when calling current_user_can( 'edit_user', 123 ).

  2. in_array( 'suporte', $user->roles ) — this checks if the user who is editing the specific user above has the Suporte role.

  3. $user2 && in_array( 'administrator', $user2->roles ) — this checks if the user who is being edited has the Administrator role.

  4. $allcaps['edit_users'] = false; — if all of the three conditions above are met, then this code (temporarily) disables the edit_users capability for the user said in condition #2 above. And if you want, you can also disable other capabilities.. 🙂

Related Posts:

  1. what’s the meaning of the field wp_capabilities in table wp_usermeta
  2. Send user activation email when programmatically creating user
  3. Change default admin page for specific role(s)
  4. Add Custom User Capabilities Before or After the Custom User Role has Been Added?
  5. How to Change the Entire WordPress Admin panel Look and Feel?
  6. How to Structure a New Role/Capability Scheme?
  7. How to add more than 1 user role to sub-menu pages
  8. How to allow Unfiltered HTML in a wordpress multisite install
  9. How to restrict plugin’s sub-menu pages to admin/subscribers?
  10. Execute plugin for specific user role(s) only
  11. query users by role
  12. Hide plugin dashboard menu item for specific roles
  13. get_posts() not working when accessing with a custom user role
  14. Limit role to one plugin [duplicate]
  15. Logout users upon login, based on caps/role?
  16. Set different custom menu items for different user roles
  17. Prevent third party plugin’s admin page access based on user type
  18. wp_dropdown_roles() to replace option value = code
  19. Hide custom post type by user roles
  20. Check user’s role and store in variable
  21. Menu page with minimum capability as ‘Subscriber’ doesn’t allow ‘Admin’ to access it?
  22. How can I change my assigned user role in WordPress 3.5.1?
  23. How to determine which capability to use?
  24. Allow contributor user role to perform copy operation PHP
  25. Enable a role named ‘backend_user’ to access my plugin pages
  26. Add custom parameter for custom user role
  27. Buddy Press restrict the capability to edit users
  28. How I can give access to my custom plugin for editor roles user?
  29. Remove all capabilities in separate method fails versus included in method
  30. Remove from a div by class name from post page if post author role is not administrator
  31. Adding admin for specific users
  32. What is more secure checking capabilities of user or checking role of user in WordPress plugin development
  33. New Users are saved with no role selected
  34. WordPress User Management Departmental Managers
  35. Remove default wordpress roles
  36. What is the advantage of using wp_mail?
  37. Plugin directory “Last Updated” not changed after initial commit?
  38. Calling the widget id of a mult-instance widget from inside the widget?
  39. Do I need to call do_action in my plugin?
  40. Fatal error: Call to undefined function wp_mail()
  41. Does WordPress have an Browser Agent?
  42. How Do I Load My Action Earlier Enough?
  43. Dequeue script, but still use wp_localize_script to pass vars
  44. I can’t find where a hook is being defined in a plugin – Easy Digital Downloads
  45. Filter on the_content ignores shortcodes
  46. Custom theme sufficient or custom plugin neccessary for this feature set?
  47. Replacing WordPress menu functionality with a plugin
  48. Database for development
  49. PHP library that can merge stylesheet with inline style [closed]
  50. using get_option to add a different js
  51. Add Submenu Link in add_submenu_page That Opens in a New Window
  52. WordPress Hook for user account activation in normal Wp (not MU)
  53. How to check if a stylesheet is already loaded?
  54. Where to call wp_enqueue_script in a plugin with custom template?
  55. do_action and add_action on two different installed plugins won’t work
  56. How to override gutenberg paragraph block edit property
  57. WordPress multiple custom post types capability conflict in a single menu
  58. Authorizing a plugin to call Google Analytics v4 API on wp_cron
  59. WordPress pre_get_posts with combined results of two queries (OR)
  60. Plugin directory says that my plugin it’s not availabe in Spanish, but it is
  61. Using ob_get_content to get_search_form puts into infinite loop
  62. Alternatives to DISALLOW_FILE_EDIT wp-config Constant? It Breaks Some Plugins
  63. Declare plugin dependency [duplicate]
  64. How to build a fool proof AdSense revenue sharing model?
  65. Warning: call_user_func_array() expects parameter 1 to be a valid callback
  66. Is there an admin hook that will let me read GET variable before it’s too late to set the header Location
  67. WordPress plugin development OOP style
  68. Let plugin check if taxonomy is already registered by another plugin
  69. How to add custom post widgets as tags into wordpress
  70. Submit form to a different PHP file in the same plugin folder
  71. What might be the reason of Couldn’t fetch mysqli_result on another domain?
  72. How to get terms for taxonomy
  73. If $var is empty, return 404.
  74. wp_insert_post generated mixed permalinks
  75. Adjust query on single
  76. Plugin won’t activate
  77. Is there any way to pass messages from a script to a redirect target in a hidden fashion?
  78. What should I pass for $needed_dirs when calling _unzip_file_pclzip (aka PclZip)?
  79. Custom Path for a Plugin
  80. Plugin could not be activated because it triggered a fatal error?
  81. Get cat parameter from admin-ajax
  82. How to determine primary editor for a page/post
  83. Trigger function on Remove block or add new block in Gutenberg JavaScript
  84. WPGut – Updating failed and shortcode?
  85. How the add_action is included in the plugin development
  86. how to create a shortcode from a variable in plugin
  87. Error Connecting to Database WHEN Installing WordPress on XAMPP [Tried All the Usual Stuff] (Pics Included)
  88. do I need to sanitize a shortcode’s function input?
  89. Email content as comment
  90. WordPress use template
  91. Adding body class in author page for custom role
  92. Warning: Illegal string offset – on homepage
  93. Query only title/field/featured media of posts [closed]
  94. To remove rendering of menus and header, plugin or theme?
  95. How can I give access to my plugin sections in admin?
  96. Displaying External Data – Not Posts
  97. I want to add post meta for picture thum during submit for revision
  98. woocommerce features to add product along with link
  99. Reinitiate Gutenburg’s blocks using javascript
  100. Generating Multiple Divi Pages from Database