Managing roles
Template:Moodle 1.7
Moodle 1.7 allows the administrator to add or edit existing roles available on the Moodle site. This is done through the Administration block>>User>>Permission>>Define roles menu area. Remember that Moodle comes with 7 default roles and adding and editing roles is completely optional.
Define roles
There are 3 tabs on the define role page.
- Manage roles - The place to add and define permissions for a new role, or edit name and/or permissions associated with existing Moodle roles.
- Allow role assignments - A matrix which determines which role can assign users to other roles.
- Allow role overrides - A matrix which determines which role can override a previously assigned role. The default is that only an administrator can override any role assigned by another role.
Permissions
The permissions matrix allows a very granular approach to assigning rights to a role (a class of users). Assigning or editing permissions should be done with great care. A change can produce a profound unwanted effect, or an annoying effect that will be hard to understand the cause.
There are over 150 lines of capabilities where any of 4 different permissions can be assigned. The capabilities are grouped in 21 catagories. We strongly recommend not to change the LEGACY roles. Here is the top of the list.
Permission terms
From lowest to highest, from general to specific.
- Inherit - pass along from before [lowest level, always loses]
- Allow - let happen or permit [same level as prevent]
- Prevent - stop [same level as allow]
- Prohibit - forbid {highest level, always wins]
Permission examples
Inherit: if no permission is defined, then the capability permission is inherited from a context that is more general than the current context.
Allow and prevent will cancel each other out if set for the same capability at the same context level. If this happens, we refer to the previous context level to determine the permission for the capability.
Prohibit: If we set prohibit on a capability, it means that the capability cannot be overridden. Prohibit always wins and creates a permenant stop.
Since the capabilities in each role could be different and participants can be assigned different roles, there could be a conflict in capabilities. The hierarchy of permissions resolves this by saying that the capability defined for a more specific context will win, unless an prohibit is encountered in a less specific context.
Example 1. Mark has a student role in Course One, which allows all students to write into the wikis "Everyone" and "Homework". But Mark also got assigned a Visitor role at a module context level (for the wiki "Honors") and Visitors are prevented writing in the Honors wiki. Thus Mark can write into the "Everyone" and "Homework" wikis but not in "Honors".
Example 2.Jeff has been assigned to a "naughty student" role that prohibits him from postings in any forums for the whole site. However his teacher assigned him a "facilitator" role in "Science forum" in the course Science and Math 101. Since a higher context prohibit permission always wins, Jeff is unable to post in "Science forum".
Examples of roles
Why would a site want different roles? Consider
*Site Designers | *Educational Authority Adviser | *Educational Inspector | |
*Second Marker / Moderator | *Peer observer of teaching | *External Examiner | |
*Parent | *Manager | *Weekly Seminar Leader | |
*Mentor/Mentee | *Community-Designed Rating Criteria | *Visitor | |
*Guest Speaker | *Former Student | *Alumnus | |
*Librarian | *Teacher | *Community Education Tutors/Trainers | |
*Secretary/Student Worker | *Teaching Assistant | *Student - FERPA rights | |
*Help Desk |
Basic concept definitions
- A role is an identifier of the user's status in some context. For example, teacher, student and forum moderator are examples of roles.
- A capability is a description of some particular Moodle feature. Capabilities are associated with roles. For example, being able to reply to a forum post is a capability.
- A permission is some value that is assigned for a capability for a particular role. For example, using the prevent permission to limit all students from posting to any forum.
- A context is a "space" in the Moodle, such as courses, activity modules, blocks, forums etc.
- A hierarchy of permissions determines which permission wins or is going to be in effect if there is an apparent conflict. For example, the site allow all students the permission to to post in forums, but a teacher might prevent that right in a particular course. The hieracary of permissions would allow a student to post in one course but not in another course.