Note: You are currently viewing documentation for Moodle 1.9. Up-to-date documentation for the latest stable version is available here: Roles FAQ.

Roles FAQ: Difference between revisions

From MoodleDocs
(What is new in roles in Moodle 2.0?)
 
(43 intermediate revisions by 11 users not shown)
Line 1: Line 1:
{{Roles}}
{{Roles}}
==What is the definition of a...==
==What is the definition of a...==


;Role
:An identifier of the user's status in some context, for example Teacher, Student and Forum moderator
;Capability
;Capability
:A description of a particular Moodle feature, for example [[Capabilities/moodle/blog:create|moodle/blog:create]]
:A configurable aspect of behavior.  As of version 1.9 Moodle has over 200 capabilities.  Each capability has a computer friendly name like [[Capabilities/mod/forum:rate|mod/forum:rate]] and a human-friendly name like "Rate posts."
;Permission
;Permission
:A setting for a capability - inherit, allow, prevent or prohibit
:A capability and its value considered as a pair.  There are four possible values: ''Allow'', ''Prevent'', ''Prohibit'' and ''Not set''/''Inherit''. (It is called not-set when defining roles and inherit when overriding permissions.)
;Role
:A named set of permissions, for example Teacher, Student and Forum moderator
;Context
;Context
:A "space" in Moodle, such as courses, activity modules or blocks
:A functional area of Moodle, such as a course, module or block


==Why isn't my role change taking effect?==
==Why isn't my role change taking effect?==


In Moodle 1.9 and newer role changes are immediate; in Moodle 1.7.x and 1.8.x role they are not, and will take effect after the next login from that user. Regarding testing new roles, please refer to the information in [[Manage roles]].
In Moodle 1.7.x and 1.8.x, role assignments and overrides do not take effect immediately.  They are delayed until the next time the user logs in.  Starting with Moodle 1.9, manual role assignments and overrides take effect immediately. However automatic role assignments that result from changes to certain user policies (for example, Default front page role) may be delayed until the next login.
 
If you are testing a new role, [[Manage_roles#Testing_a_new_role | here are some suggestions]].


Also, please check the context in which the role is assigned. Certain capabilities e.g. [[Capabilities/moodle/user:update|moodle/user:update]] may only be applied in the system context, so assigning a role in the course context will result in the role change not taking effect.
Also, please check the context in which the role is assigned. Certain capabilities e.g. [[Capabilities/moodle/user:update|moodle/user:update]] may only be applied in the System context, so giving such permissions in the course context will have no effect.


==Why are participants being added automatically when a new course is created?==
==Why do I not have my Course creator role when I also have a student role in my course?==


If a user is assigned a system role or a role in the course category context then the user has this role in ALL courses in that context. Thus users who are students or teachers at the category level appear as course participants in all courses in that category.
If a user has two roles assigned for a course the system will default to the lowest level role, in this case the Student Role. The best advise is to hold only one role.  If you want to see things from the student perspective use the switch roles to function or create a phantom student.
 
==Why are all my teacher accounts automatically added as "Teachers" in all my courses?==


Please check ''Administration > Users > Permissions > Assign system roles'' and also the Assign roles link in course categories page and unassign users as necessary.
If a user is assigned a role in the System context (Site administration -> Users -> Permissions -> Assign system roles) or in a Course category context, then the user will have this role in ALL courses within the context. For example, a user who is assigned the Teacher role in the System context will appear as a Teacher in all courses on the site, including the Front page course.
 
Except in very special cases, teachers and students should be assigned their respective roles in a Course context.  When these roles are assigned in a System context, it is almost always an error on the part of the administrator.
 
If you have accidentally assigned a System role, go to ''Administration > Users > Permissions > Assign system roles'' unassign users using the right-facing arrow button.  Then re-assign the roles in the appropriate Course context.


==Why are all students enrolled in all courses?==
==Why are all students enrolled in all courses?==
Line 43: Line 50:
Hidden assignments are not hidden from admins or teachers i.e. users with the [[Capabilities/moodle/role:viewhiddenassigns|viewhiddenassigns capability]].
Hidden assignments are not hidden from admins or teachers i.e. users with the [[Capabilities/moodle/role:viewhiddenassigns|viewhiddenassigns capability]].


==Where are permissions inherited from?==
==When defining roles, what is the difference between Prevent and Not set?==


Permissions are inherited from a role assigned in a higher-level context which has permissions set to allow for particular capabilities. If permission is never allowed/not set in any context (in particular, if you are creating or editing a role at the site level), then a user will have no permission for that capability.
Short answer: When defining roles, you almost always want to use Allow or Not set. Prevent is for special occasions.


For example, the Student role has permission not set for the change site configuration capability. The permission is never allowed in any context so users assigned the role of Student cannot change the site configuration.
If the permission for capability X is 'Not set', then having the roles does not let you do X, but something else might.
 
If the permission for capability X is 'Prevent', then having that role actively prevents you from doing X. (Unless a more specific 'Allow' exists.)
 
Some examples: Suppose you are in a course, and you have role Student in the course, and role Authenticated user in the site, so the Student role is more specific in this course.
* If Student has '''Not set''', and Authenticated user has '''Not set''', then you '''are not''' allowed to do X.
* If Student has '''Not set''', and Authenticated user has '''Allow''', then you '''are''' allowed to do X.
* If Student has '''Prevent''', and Authenticated user has '''Allow''', then you '''are not''' allowed to do X.
* If Student has '''Allow''', and Authenticated user has '''Prevent''', then you '''are''' allowed to do X.
 
For the full story, see [[How permissions are calculated]].


==What is my role here?==
==What is my role here?==


This is a frequently asked question, but an improper one.  The correct question is "What are my ''permissions'' here?"  In any given context, you often have two or more roles.  In addition, one or more role overrides may be in effect.  Your permissions in a given context are a result of "adding" the individual permissions from these roles and overrides according to certain rules.  As Tim Hunt writes in [http://moodle.org/mod/forum/discuss.php?d=90140 this discussion], the rules "normally do what you expect."  However when permissions conflict, the results can be surprising, and it pays to understand the [[rules for adding permissions]].
This is a frequently asked question, but an improper one.  The correct question is "What are my ''permissions'' here?"  In any given context, you often have two or more roles.  In addition, one or more role overrides may be in effect.  Your permissions in a given context are a result of "adding" the individual permissions from these roles and overrides according to certain rules.  As Tim Hunt writes in [http://moodle.org/mod/forum/discuss.php?d=90140 this discussion], the rules "normally do what you expect."  However when permissions conflict, the results can be surprising, and it pays to understand [[How permissions are calculated]].


==How do I debug a roles-related problem?==
==How do I debug a roles-related problem?==


If you're having a problem that you suspect is related to roles, consider using [[The rolesdebug.php roles debugging script | the rolesdebug.php roles debugging script]].  You can download it from the [http://moodle.org/mod/data/view.php?d=13&rid=1204 Modules and plugins database].  The script gives you a spatial view of your role assignments and overrides in a given context, and analyzes your permissions there.  To interpret the output requires a basic understanding of roles and capabilities.  If you are a complete roles novice, run the script and post the output to the [http://moodle.org/mod/forum/view.php?id=6826 Roles and Capabilities Forum].
If you're having a problem that you suspect is related to roles, consider using [[The rolesdebug.php roles debugging script | the rolesdebug.php roles debugging script]].  You can download it from the [http://moodle.org/mod/data/view.php?d=13&rid=1204 Modules and plugins database].  The script gives you a spatial view of your role assignments and overrides in a given context, and analyzes your permissions there.  To interpret the output requires a basic understanding of roles and capabilities.  If you are a complete roles novice, run the script and post the output to the [http://moodle.org/mod/forum/view.php?id=6826 Roles and Capabilities Forum].
==How can I prevent a user from changing their own password?==
To prevent a user from changing their own password, you must make sure they do not have [[Capabilities/moodle/user:changeownpassword|moodle/user:changeownpassword]] (in Moodle 1.9 onwards) = Allow in the System context. The Authenticated user role (which is assigned to users in the System context) has moodle/user:changeownpassword = Allow by default, so you have two choices:
# Edit Authenticated user, setting moodle/user:changeownpassword = Not set
# Create a new role CannotChangeOwnPassword with moodle/user:changeownpassword = Prevent and all other permissions Not set and assign the role to selected users in the System context (Site administration -> Users -> Permissions -> Assign system roles).
Choice (1) will prevent ''all'' users from changing their passwords (except for the administrator, who can do anything).  To selectively allow selected users (say teachers) to change their passwords, you could create a new role CanChangeOwnPassword with moodle/user:changeownpassword = Allow and all other permissions not set and assign the role to selected users in the System context (Site administration -> Users -> Permissions -> Assign system roles).
Choice (2) allows you to be selective, but if you have a lot of users that you want to prevent (say, all students), you will have to make a lot of role assignments in the System context.  There is currently no convenient way to do this, so you might consider choice (1).
Note that you MUST deal with this permission in the System context.
==How can I prevent a user from editing their own profile?==
See [[Roles_FAQ#How can I prevent a user from changing their own password? | How can I prevent a user from changing their own password?]]  The answer to this question is the same if you substitute ''edit their own profile'' for ''change their own password'' and ''[[Capabilities/moodle/user:editownprofile|moodle/user:editownprofile]]'' (in Moodle 1.9 onwards) for ''moodle/user:changeownpassword.''
==Do roles have an inheritance relationship?==
No. Roles are completely independent.
* When you create a new role by copying an existing role, it is just like copying a file: the original and the copy are identical at the outset, but the copy has no ongoing relationship with the original.  Changes to the original do not affect the copy and ''vice versa''.
* When you create a new role and select a value such as LEGACY:Student from the Legacy role type dropdown, you are not "inheriting" from the Student role.  You are simply indicating that you want your role to have the same defaults as Student.
* Course creator does not "inherit" from Teacher (a common misconception).  As with all roles, the two roles are completely independent.  Course creator is actually a very simple role that can basically only create courses and not much else.  However a user who creates a course is automatically assigned the role of Teacher in the newly-created course.  This is how a course creator gets her teaching abilities within a course.
* Since roles are independent of each other, ordering roles at Site Administration > Users > Permissions > Define roles does not have any impact on capabilities or permissions. The only effect of ordering roles is how they are displayed in each context.


==Are there any differences in Roles in Moodle 1.7 and 1.8?==
==Are there any differences in Roles in Moodle 1.7 and 1.8?==
Line 77: Line 119:


#Access ''Administration > Users > Permissions > Define roles''.
#Access ''Administration > Users > Permissions > Define roles''.
#Edit the teacher role and change the capability [[Capabilities/moodle/role:override|moodle/role:override]] to allow.
#Edit the teacher role and change the capability [[Capabilities/moodle/role:override|moodle/role:override]] (or [[Capabilities/moodle/role:safeoverride|moodle/role:safeoverride]] in Moodle 1.9.3 onwards) to allow.
#Click the button "Save changes".
#Click the button "Save changes".
#Click the tab "Allow role overrides" (in ''Administration > Users > Permissions > Define roles'').
#Click the tab "Allow role overrides" (in ''Administration > Users > Permissions > Define roles'').
#Check the appropriate box to allow a teacher to override the student role.
#Check the appropriate box(s) in the teacher row to set which role(s) teachers can override. Most likely it will just be the student role (you don't want teachers to be able to override admins!), so check the box where the teacher row intersects with the student column.
#Click the button "Save changes".
#Click the button "Save changes".


Line 100: Line 142:
*[[Parent role|Parent]] - for providing parents/mentors/tutors with permission to view certain information about their children/mentees/tutees
*[[Parent role|Parent]] - for providing parents/mentors/tutors with permission to view certain information about their children/mentees/tutees
*[[Demo teacher role|Demo teacher]] - for providing a demonstration teacher account with a password which can't be changed
*[[Demo teacher role|Demo teacher]] - for providing a demonstration teacher account with a password which can't be changed
*[[Forum moderator role]] - for providing a user with permission in a particular forum to edit or delete forum posts, split discussions and move discussions to other forums
*[[Forum moderator role|Forum moderator]] - for providing a user with permission in a particular forum to edit or delete forum posts, split discussions and move discussions to other forums
*[[Keyholder role]] - for setting the person named as holding a course [[Enrolment key|enrolment key]]
*[[Calendar editor role|Calendar editor]] - for providing a user with permission to add site events to the calendar
*[[Calendar editor role|Calendar editor]] - for providing a user with permission to add site events to the calendar
*[[Blogger role]] - for limiting blogging to specific users only
*[[Blogger role|Blogger]] - for limiting blogging to specific users only
*[[Quiz user with unlimited time role|Quiz user with unlimited time]] - for allowing a user unlimited time to attempt a quiz which has a time limit set
*[[Question creator role|Question creator]] - for enabling students to create questions for use in quizzes
*[[Course requester role]] - for restricting users who can make course requests


==Logged-in users can't read the site news. What can I do?==
==Logged-in users can't read the site news. What can I do?==


#Access ''Site Administration > Front Page > Front Page roles''
See [[News forum]] for details.
#Follow the "Override roles" link
#Click on "Authenticated User"
#Scroll down to '''Forum'''
#Change the capability [[Capabilities/mod/forum:viewdiscussion|mod/forum:viewdiscussion]] to ''allow''
#Click the "Save changes" button at the bottom of the page


==How do I enable logged-in users to participate in front page activities?==
==How do I enable logged-in users to participate in front page activities?==
Line 118: Line 157:
Either:
Either:
#Access ''Site Administration > Front Page > Front Page roles''
#Access ''Site Administration > Front Page > Front Page roles''
#Follow the "Override roles" link
#Follow the "Override permissions" link
#Click on "Authenticated User"
#Click on "Authenticated User"
#Change capabilities to ''allow'' for all required activities e.g. record a choice, reply to posts
#Change capabilities to ''allow'' for all required activities e.g. record a choice, reply to posts
Line 133: Line 172:
#Access ''Site Administration > Front Page > Front Page settings''
#Access ''Site Administration > Front Page > Front Page settings''
#Set the default front page role to student.
#Set the default front page role to student.
Note: Setting the default front page role to student is not sufficient to enable logged-in users to participate in front page choice activities. A permissions override should be used instead.
==How do I assign a role for a front page activity?==
# Assign the user a front page role, such as student, in ''Administration > Front Page > Front Page roles''.
# Click the "Locally assigned roles" tab in editing activity page for the front page activity.
# Choose the type of role you wish to assign.
# Use the left-facing arrow button to add a particular user to the list of users with the role.
If a user is unassigned from a front page role AFTER being assigned a role for a front page activity, they remain assigned the role for the front page activity.
Note: The above steps are only necessary in versions of Moodle prior to 1.9.4.
==How do I copy a custom role from one Moodle site to another==
There is no import and export facility for roles, but it can be achieved nearly as easily using backup and restore.
# Create an empty course with all the default settings
# Assign anybody to your custom role (or roles) within the course
# Backup the course (all defaults are fine)
# Download the backup file
# Upload the backup file to the site files of the target Moodle
# Restore the course (all defaults are fine)
# Delete the course.
You will find that the custom roles have been recreated in the target site.
==What is the difference between the capabilities moodle/role:override and moodle/role:safeoverride?==
{{Moodle 1.9}}The capability [[Capabilities/moodle/role:safeoverride|moodle/role:safeoverride]] was added to Moodle 1.9.3 onwards, as a way of enabling teachers to [[Override permissions|override permissions]] safely. The capability moodle/role:override allows a user to override all permissions, whereas moodle/role:safeoverride only allows a user to override capabilities that do not have major risks attached to them.
==I locked myself out of the Administrator role. What do I do?==
If all else fails download the [http://cvs.moodle.org/contrib/tools/adminfix/ adminfix.php] script. The instructions are in the comments at the top of the file. Note, that this is a big hammer and should only be used if you are truly stuck.
==How can I prevent students from editing their profile?==
If you only want students to be prevented from editing their profile, and not all users, you can create a new role, such as Restricted user as described in the [[Demo teacher role]], with moodle/user:editownprofile set to prevent, and assign it to all students in the system context.
Alternatively, you could change moodle/user:editownprofile to not set for the [[Authenticated user role]], then create a new role for teachers with moodle/user:editownprofile set to allow.
==What is new in roles in Moodle 2.0?==
See [[Roles 2.0]].
== See also ==
* [[Roles and capabilities]]
* [[Useful things a teacher can do with roles]]
* [[Context]]
* Using Moodle [http://moodle.org/mod/forum/view.php?id=6826 Roles and Capabilities forum]
Using Moodle forum discussions:
*[http://moodle.org/mod/forum/discuss.php?d=103109 Deny File Download to Guests?]


[[Category:FAQ]]
[[Category:FAQ]]


[[de:Rollen FAQ]]
[[es:FAQ_roles]]
[[es:FAQ_roles]]
[[fr:FAQ des rôles]]
[[fr:FAQ des rôles]]
[[ja:ロールFAQ]]
[[ja:ロールFAQ]]
[[ru:FAQ по ролям]]
[[ru:FAQ по ролям]]

Latest revision as of 17:22, 30 November 2010


What is the definition of a...

Capability
A configurable aspect of behavior. As of version 1.9 Moodle has over 200 capabilities. Each capability has a computer friendly name like mod/forum:rate and a human-friendly name like "Rate posts."
Permission
A capability and its value considered as a pair. There are four possible values: Allow, Prevent, Prohibit and Not set/Inherit. (It is called not-set when defining roles and inherit when overriding permissions.)
Role
A named set of permissions, for example Teacher, Student and Forum moderator
Context
A functional area of Moodle, such as a course, module or block

Why isn't my role change taking effect?

In Moodle 1.7.x and 1.8.x, role assignments and overrides do not take effect immediately. They are delayed until the next time the user logs in. Starting with Moodle 1.9, manual role assignments and overrides take effect immediately. However automatic role assignments that result from changes to certain user policies (for example, Default front page role) may be delayed until the next login.

If you are testing a new role, here are some suggestions.

Also, please check the context in which the role is assigned. Certain capabilities e.g. moodle/user:update may only be applied in the System context, so giving such permissions in the course context will have no effect.

Why do I not have my Course creator role when I also have a student role in my course?

If a user has two roles assigned for a course the system will default to the lowest level role, in this case the Student Role. The best advise is to hold only one role. If you want to see things from the student perspective use the switch roles to function or create a phantom student.

Why are all my teacher accounts automatically added as "Teachers" in all my courses?

If a user is assigned a role in the System context (Site administration -> Users -> Permissions -> Assign system roles) or in a Course category context, then the user will have this role in ALL courses within the context. For example, a user who is assigned the Teacher role in the System context will appear as a Teacher in all courses on the site, including the Front page course.

Except in very special cases, teachers and students should be assigned their respective roles in a Course context. When these roles are assigned in a System context, it is almost always an error on the part of the administrator.

If you have accidentally assigned a System role, go to Administration > Users > Permissions > Assign system roles unassign users using the right-facing arrow button. Then re-assign the roles in the appropriate Course context.

Why are all students enrolled in all courses?

Either

  • Users are assigned the role of student in the site/system context rather than the course context (see FAQ above)

Or

  • The default role for all users in Administration > Users > Permissions > User policies is set to Student rather than Authenticated user (Moodle 1.8 onwards).

Why are there differences in the users listed as course participants and users assigned roles in a course?

Users assigned roles in a higher context, for example users assigned the role of teacher in a course category context, may appear as course participants. The discussion Discrepancies between Assign Roles lists and Participants list contains a longer explanation.

How can I prevent administrators being listed as course participants?

Ensure that administrators are not assigned another role in addition to their admin role.

Why are hidden assignments still visible?

Hidden assignments are not hidden from admins or teachers i.e. users with the viewhiddenassigns capability.

When defining roles, what is the difference between Prevent and Not set?

Short answer: When defining roles, you almost always want to use Allow or Not set. Prevent is for special occasions.

If the permission for capability X is 'Not set', then having the roles does not let you do X, but something else might.

If the permission for capability X is 'Prevent', then having that role actively prevents you from doing X. (Unless a more specific 'Allow' exists.)

Some examples: Suppose you are in a course, and you have role Student in the course, and role Authenticated user in the site, so the Student role is more specific in this course.

  • If Student has Not set, and Authenticated user has Not set, then you are not allowed to do X.
  • If Student has Not set, and Authenticated user has Allow, then you are allowed to do X.
  • If Student has Prevent, and Authenticated user has Allow, then you are not allowed to do X.
  • If Student has Allow, and Authenticated user has Prevent, then you are allowed to do X.

For the full story, see How permissions are calculated.

What is my role here?

This is a frequently asked question, but an improper one. The correct question is "What are my permissions here?" In any given context, you often have two or more roles. In addition, one or more role overrides may be in effect. Your permissions in a given context are a result of "adding" the individual permissions from these roles and overrides according to certain rules. As Tim Hunt writes in this discussion, the rules "normally do what you expect." However when permissions conflict, the results can be surprising, and it pays to understand How permissions are calculated.

How do I debug a roles-related problem?

If you're having a problem that you suspect is related to roles, consider using the rolesdebug.php roles debugging script. You can download it from the Modules and plugins database. The script gives you a spatial view of your role assignments and overrides in a given context, and analyzes your permissions there. To interpret the output requires a basic understanding of roles and capabilities. If you are a complete roles novice, run the script and post the output to the Roles and Capabilities Forum.

How can I prevent a user from changing their own password?

To prevent a user from changing their own password, you must make sure they do not have moodle/user:changeownpassword (in Moodle 1.9 onwards) = Allow in the System context. The Authenticated user role (which is assigned to users in the System context) has moodle/user:changeownpassword = Allow by default, so you have two choices:

  1. Edit Authenticated user, setting moodle/user:changeownpassword = Not set
  2. Create a new role CannotChangeOwnPassword with moodle/user:changeownpassword = Prevent and all other permissions Not set and assign the role to selected users in the System context (Site administration -> Users -> Permissions -> Assign system roles).

Choice (1) will prevent all users from changing their passwords (except for the administrator, who can do anything). To selectively allow selected users (say teachers) to change their passwords, you could create a new role CanChangeOwnPassword with moodle/user:changeownpassword = Allow and all other permissions not set and assign the role to selected users in the System context (Site administration -> Users -> Permissions -> Assign system roles).

Choice (2) allows you to be selective, but if you have a lot of users that you want to prevent (say, all students), you will have to make a lot of role assignments in the System context. There is currently no convenient way to do this, so you might consider choice (1).

Note that you MUST deal with this permission in the System context.

How can I prevent a user from editing their own profile?

See How can I prevent a user from changing their own password? The answer to this question is the same if you substitute edit their own profile for change their own password and moodle/user:editownprofile (in Moodle 1.9 onwards) for moodle/user:changeownpassword.

Do roles have an inheritance relationship?

No. Roles are completely independent.

  • When you create a new role by copying an existing role, it is just like copying a file: the original and the copy are identical at the outset, but the copy has no ongoing relationship with the original. Changes to the original do not affect the copy and vice versa.
  • When you create a new role and select a value such as LEGACY:Student from the Legacy role type dropdown, you are not "inheriting" from the Student role. You are simply indicating that you want your role to have the same defaults as Student.
  • Course creator does not "inherit" from Teacher (a common misconception). As with all roles, the two roles are completely independent. Course creator is actually a very simple role that can basically only create courses and not much else. However a user who creates a course is automatically assigned the role of Teacher in the newly-created course. This is how a course creator gets her teaching abilities within a course.
  • Since roles are independent of each other, ordering roles at Site Administration > Users > Permissions > Define roles does not have any impact on capabilities or permissions. The only effect of ordering roles is how they are displayed in each context.

Are there any differences in Roles in Moodle 1.7 and 1.8?

In addition to many Roles fixes and refinements (see the list of Roles improvements in the Tracker), in Moodle 1.8 the system context is separated from the front page context. Roles may be assigned in the front page context via Administration > Front Page > Front Page roles.

A "Duplicate role" button has been added in Moodle 1.8, which makes creating new roles based on predefined roles much quicker.

How do I change the name for "teacher" in the course description?

Either

  • Edit the role of Teacher via Administration > Users > Permissions > Define roles and rename it. The new name will apply site-wide.

Or

  • Create a duplicate teacher role with an alternative name and assign users the duplicate teacher role as appropriate in the course context. In Administration > Appearance > Course manager select the alternative name for teacher that you wish to be displayed in the course description.

Or

  • One more way to do it in 1.8 is to create new "dummy" roles (no capabilities) with those names and assign them to teachers along with the real roles. In the course manager settings you can choose which roles display on the front page under each course. (The feature request Ability to assign or display custom title for role of person in course contains this further method.)

Moodle1.9

From Moodle 1.9 onwards, names for different roles in a course may be changed in the course settings.

How do I enable teachers to set role overrides?

  1. Access Administration > Users > Permissions > Define roles.
  2. Edit the teacher role and change the capability moodle/role:override (or moodle/role:safeoverride in Moodle 1.9.3 onwards) to allow.
  3. Click the button "Save changes".
  4. Click the tab "Allow role overrides" (in Administration > Users > Permissions > Define roles).
  5. Check the appropriate box(s) in the teacher row to set which role(s) teachers can override. Most likely it will just be the student role (you don't want teachers to be able to override admins!), so check the box where the teacher row intersects with the student column.
  6. Click the button "Save changes".

How do I enable teachers to assign other teachers in a course?

This is disabled by default but it can be switched on by modifying the teacher's role. In Administration > Users > Permissions > Define roles select the "Allow role assignments" tab and tick the checkbox where Teacher and Teacher intersect.

Why doesn't "Switch role to.." within a course seem to work properly for a course creator?

This feature is intended for teachers so that they can see how their course appears for students. It doesn't work reliably outside the course.

Further information about this feature can be found in Switch roles and the paragraph on testing a new role in Manage roles.

Are there any example roles?

Yes, as follows:

  • Inspector - for providing external inspectors with permission to view all courses (without being required to enrol)
  • Parent - for providing parents/mentors/tutors with permission to view certain information about their children/mentees/tutees
  • Demo teacher - for providing a demonstration teacher account with a password which can't be changed
  • Forum moderator - for providing a user with permission in a particular forum to edit or delete forum posts, split discussions and move discussions to other forums
  • Calendar editor - for providing a user with permission to add site events to the calendar
  • Blogger - for limiting blogging to specific users only
  • Quiz user with unlimited time - for allowing a user unlimited time to attempt a quiz which has a time limit set
  • Question creator - for enabling students to create questions for use in quizzes
  • Course requester role - for restricting users who can make course requests

Logged-in users can't read the site news. What can I do?

See News forum for details.

How do I enable logged-in users to participate in front page activities?

Either:

  1. Access Site Administration > Front Page > Front Page roles
  2. Follow the "Override permissions" link
  3. Click on "Authenticated User"
  4. Change capabilities to allow for all required activities e.g. record a choice, reply to posts
  5. Click the "Save changes" button at the bottom of the page

Note that for this to work, you need to make the default role for all users "authenticated user". This is the default for new versions of Moodle. In older versions, the default setting is guest, so if you have recently upgraded, you may have to change this setting. You can change the setting via Site Administration > Permissions > User Policies.

Or:

  1. Access Site Administration > Front Page > Front Page roles
  2. Click on Student
  3. Select all users in the potential users list, and use the left-facing arrow button to add them to the existing users list

Moodle1.9

Or, in Moodle 1.9 onwards:

  1. Access Site Administration > Front Page > Front Page settings
  2. Set the default front page role to student.

Note: Setting the default front page role to student is not sufficient to enable logged-in users to participate in front page choice activities. A permissions override should be used instead.

How do I assign a role for a front page activity?

  1. Assign the user a front page role, such as student, in Administration > Front Page > Front Page roles.
  2. Click the "Locally assigned roles" tab in editing activity page for the front page activity.
  3. Choose the type of role you wish to assign.
  4. Use the left-facing arrow button to add a particular user to the list of users with the role.

If a user is unassigned from a front page role AFTER being assigned a role for a front page activity, they remain assigned the role for the front page activity.

Note: The above steps are only necessary in versions of Moodle prior to 1.9.4.

How do I copy a custom role from one Moodle site to another

There is no import and export facility for roles, but it can be achieved nearly as easily using backup and restore.

  1. Create an empty course with all the default settings
  2. Assign anybody to your custom role (or roles) within the course
  3. Backup the course (all defaults are fine)
  4. Download the backup file
  5. Upload the backup file to the site files of the target Moodle
  6. Restore the course (all defaults are fine)
  7. Delete the course.

You will find that the custom roles have been recreated in the target site.

What is the difference between the capabilities moodle/role:override and moodle/role:safeoverride?

Moodle1.9

The capability moodle/role:safeoverride was added to Moodle 1.9.3 onwards, as a way of enabling teachers to override permissions safely. The capability moodle/role:override allows a user to override all permissions, whereas moodle/role:safeoverride only allows a user to override capabilities that do not have major risks attached to them.

I locked myself out of the Administrator role. What do I do?

If all else fails download the adminfix.php script. The instructions are in the comments at the top of the file. Note, that this is a big hammer and should only be used if you are truly stuck.

How can I prevent students from editing their profile?

If you only want students to be prevented from editing their profile, and not all users, you can create a new role, such as Restricted user as described in the Demo teacher role, with moodle/user:editownprofile set to prevent, and assign it to all students in the system context.

Alternatively, you could change moodle/user:editownprofile to not set for the Authenticated user role, then create a new role for teachers with moodle/user:editownprofile set to allow.

What is new in roles in Moodle 2.0?

See Roles 2.0.

See also

Using Moodle forum discussions: