Moodle allows specific roles to be able to change other specific role capabilities based on the context. For example, a teacher in a course may want all students (users with a student role) to be able to edit all forums in that course. Or a teacher may want all students in a specific forum to be able to edit that forum.
If you want to give a specific student the ability to edit a specific activity, see Override permissions.
Course and activity permissions
Role permissions for a course can be changed in Settings > Course administration > Users > Permissions and for a particular activity in Settings > Activity administration > Permissions.
Click the Allow icon (+) opposite a capability to give permission to additional roles or the Prevent icon (X) to take away permission.
Block permissions can be changed by:
- Turn editing on in the course
- Click the assign roles icon (a face and mask) in the header of the block
- Scroll down to the settings block and click the Permissions link
The check permissions feature provides a method to view all roles both in the current context and higher contexts (in Moodle 2.3.2 onwards) and capabilities for a selected user based on their role assignments. These capabilities determine whether or not the selected user is allowed to perform associated tasks within the system or course.
A teacher can check permissions for their course in Settings > Course administration > Users > Permissions > Check permissions and for a particular activity in Settings > Activity administration > Check permissions.
An administrator can check system permissions in Settings > Site administration > Users > Permissions > Check system permissions.
The review permissions for others capability (allowed for the default roles of manager, teacher and non-editing teacher) controls whether a user can check permissions.
Capability overview report
An administrator can generate a capability overview report in Site Administration > Users > Permissions > Capability report.
The report allows the administrator to select a capability and one or more roles. The report will show the role and its permission level for that capability. And if that capability was overridden for the role where in the site. For example, it might show that the gradereport:user view capability for a student role is set at the system level as "Allow" and for Course 1 it is set to "Prohibit".