Earlier, I wrote a quick article that introduced WordPress Roles and Capabilities. Today, I revisited that page to figure out how to make it so that my new custom post type would only be accessible by the Administrator. The Codex page did not really make me understand. So, after playing around for a little while, it hit me how these capabilities really work and I ended up adding this to the arguments of register_post_type:
'capabilities' => array ( 'delete_others_posts' => 'manage_options', 'delete_post' => 'manage_options', 'delete_posts' => 'manage_options', 'delete_private_posts' => 'manage_options', 'delete_published_posts' => 'manage_options', 'edit_others_posts' => 'manage_options', 'edit_post' => 'manage_options', 'edit_posts' => 'manage_options', 'edit_private_posts' => 'manage_options', 'edit_published_posts' => 'manage_options', 'publish_posts' => 'manage_options', 'read_post' => 'manage_options', 'read_private_posts' => 'manage_options', )
In short, ‘manage_options’ is an Administrator-only capability. The capabilities on the left act as ‘kinds’ and the capabilities on the right act as ‘levels’. Voila!