When a new post type is registered on your site, WordPress automatically sets the permissions. Those permissions are borrowed from Posts and Pages capabilities. This allows Authors and Editors access to the new post type without any further configuration. For most use cases, this is a good choice. However, it does limit the site Administrator’s flexibility in customizing access.
Some custom post types defined by third party code or CPT management plugins will include unique capability definitions and automatically assign those to certain roles. But even then, some of the capabilities may still be shared with another post type. For Administrators who want greater control, Capability Manager provides a way to ensure that each capability defined for a post type can be uniquely granted or removed from any role.
To enable this feature for a post type, go to Users > Capabilities. Look for the “Type-Specific Capabilities” box in the right sidebar. Checking these boxes will trigger new capability requirements for the selected post types.
After enabling this feature, you can review each role’s Edit, Create and Delete checkbox areas. There will be new checkboxes that you can enable for each role.
Here are some examples of Type-Specific Capabilities in action: