Roles for Custom Post Types

I’m sure you could specify some capabilities while registering the Post Type itself. Although, here is a more robust version that can be used widely across the administration dashboard.

/**
 * Hide dashboard administrator menus from disallowed user roles.
 *
 * @author Michael Ecklund
 * @author_url https://www.michaelbrentecklund.com/
 *
 * @return void
 */
function mbe_hide_menus() {

    global $current_user, $menu;

    # Set list of disallowed user roles.
    $disallowed_roles = array( 'subscriber', 'author', 'editor' );
    $disallowed       = false;

    # Check current user role against all disallowed roles.
    foreach ( $disallowed_roles as $disallowed_role ) {

        # Current user role must not be disallowed.
        if ( in_array( $disallowed_role, $current_user->roles ) ) {

            $disallowed = true;// User role disallowed.
            break;

        }

    }

    # User passed the check. Bail before hiding the menu.
    if ( $disallowed === false ) {
        return;
    }

    # Set list of disallowed dashboard administration menus.
    $restricted = array(
        __( 'INSERT MENU NAME HERE' )// Text as it appears in the admin menu.
    );

    # Attempt to hide admin menus.
    foreach ( $menu as $index => $menu_data ) {

        if ( in_array( $menu_data[0], $restricted ) ) {
            unset( $menu[ $index ] );
        }

    }

}

In order to fire the function, you must add the action.

add_action('admin_menu', 'mbe_hide_menus', 101);

The above code only goes as far as hiding the admin menus form displaying to the user. They can still directly access the pages if they know the correct URLs.

You can use this to deny specific admin pages from being accessed by unprivileged users.

/**
 * Restrict admin pages from unprivileged users.
 *
 * @author Michael Ecklund
 * @author_url https://www.michaelbrentecklund.com/
 *
 * @return void
 */
function mbe_disallow_admin_pages() {

    global $pagenow;

    # Skip checking administrative users.
    if ( current_user_can( 'administrator' ) ) {
        return;
    }

    # Set denyable & hookable list of admin pages.
    $page_slugs = apply_filters( 'mbe_disallowed_admin_pages', array(
        'admin.php'           => 'jetpack',
        'options-general.php' => ''
    ) );

    # Page parameter isn't always present.
    if ( ! isset( $_GET['page'] ) ) {
        $page="";
    }

    # Check current admin page against denied admin page list.
    if ( array_key_exists( $pagenow, $page_slugs ) && in_array( $page, $page_slugs ) ) {
        wp_die( 'You do not have sufficient permissions to access this page.' );
    }

}

In order to fire the function, you must add the action.

add_action( 'admin_init', 'mbe_disallow_admin_pages' );

tech