Role permissions
Moodle1.7
Permission are one of the elements which help define a role. A single permission type is associated with each capability in a defined role. For example, the default role of Teacher (editingteacher) can backup a course because this role has the capability "Backup courses" permission set to "allow".
Generally speaking, permissions are set for specific roles via the site administration block, under Users>Permissions>Define Roles and then using the edit icon next to an existing role to view and change permissions. CAUTION: This is a very powerful and complicated tool, that requires careful thought before editing anything. Not only can it effect a site's security, but it can unexpectedly disrupt the functions.
File:Permission Teacher example1 9.png
Permissions
There are four settings for each capability:
- Inherit
- The default setting. If a capability is set to inherit, the user's permissions remain the same as they are in a less specific context, or another role where the capability is defined. For example, if a student is allowed to attempt quiz questions at the course level, their role in a specific quiz will inherit this setting.
- Allow
- This enables a user to use a capability in a given context. This permission applies for the context that the role gets assigned plus all lower contexts. For example, if a user is assigned the role of student in a course, they will be able to start new discussions in all forums in that course (unless a forum contains an override with a prevent or prohibit value for the capability).
- Prevent
- By choosing this you are removing permission for this capability, even if the users with this role were allowed that permission in a higher context.
- Prohibit
- This is rarely needed, but occasionally you might want to completely deny permissions to a role in a way that can NOT be overridden at any lower context.
Examples of capabilities
The following capabilities are related to roles: