The amr-user plugin offers wordpress capability control of access to users lists. In wordpress roles have capabilities, and the capabilities determine what the users can do. User lists can also be tagged as ‘public’ so that a viewer with no role can see the list if used on the front end.
Summary of access control options:
- public lists (ie lists ticked ‘public’ in the settings) can be viewed by anyone
- non-public lists can only be viewed by people with ‘list_users’ capability
- ‘manage_options‘ or ‘manage_userlists‘ (custom capability) can create and edit user lists.
Tailoring access to the lists for roles:
If you want to isolate the ‘manage_userlists’ capability to a non-administrator and you don’t already have a plugin to do that for you, something like Justin Tadlock’s Members plugin is useful.