Override permissions: Difference between revisions
Helen Foster (talk | contribs) (→Enabling teachers to override permissions: pre-1.9.3) |
Helen Foster (talk | contribs) (ability to override permissions) |
||
Line 7: | Line 7: | ||
The interface for overriding permissions is similar to the one for defining roles, except only relevant capabilities are shown. Inherited permissions are highlighted. | The interface for overriding permissions is similar to the one for defining roles, except only relevant capabilities are shown. Inherited permissions are highlighted. | ||
Note: Prior to Moodle 1.9, the override permissions page was named "Override roles". | Note: Prior to Moodle 1.9, the override permissions page was named "Override roles". | ||
Line 35: | Line 35: | ||
*User context: "Override permissions" link via roles tab in user profile page | *User context: "Override permissions" link via roles tab in user profile page | ||
== | ==Ability to override permissions== | ||
Users who have the capability [[Capabilities/moodle/role:override|moodle/role:override]] allowed (or, in Moodle 1.9.3 onwards, the capability [[Capabilities/moodle/role:safeoverride|moodle/role:safeoverride]] allowed) can override permissions for selected roles (as set in [[Allow role overrides]]). | |||
The default administrator role has the capability moodle/role:override allowed, and admins can override permissions for all other roles by default. | |||
{{Moodle 1.9}}In Moodle 1.9.3 onwards, the default teacher role has the capability moodle/role:safeoverride allowed, and teachers can override certain permissions (i.e. ones without major risks attached to them) for non-editing teacher, student and guest roles by default. | |||
==Enabling teachers to override permissions (pre-1.9.3)== | ==Enabling teachers to override permissions (pre-1.9.3)== | ||
By default, only administrators are able to override permissions in versions of Moodle prior to 1.9.3. | By default, only administrators are able to override permissions in versions of Moodle prior to 1.9.3. Teachers can be enabled to do so as follows: | ||
#Access ''Administration > Users > Permissions > Define roles''. | #Access ''Administration > Users > Permissions > Define roles''. | ||
#Edit the teacher role and change the capability [[Capabilities/moodle/role:override|moodle/role:override]] to allow. | #Edit the teacher role and change the capability [[Capabilities/moodle/role:override|moodle/role:override]] to allow. | ||
Line 51: | Line 55: | ||
If preferred, a new role for overriding permissions may be created and selected teachers assigned to it. | If preferred, a new role for overriding permissions may be created and selected teachers assigned to it. | ||
==Overriding permissions for selected students== | |||
Sometimes a teacher will want to over ride permissions for selected students. Typically they will assign a student a role locally. For example, assign a student as a non-editing teacher. However, administrators can override specific permission in a role. This does not create a new role. It modifies an existing specific role and affects all users assigned to that role in the context. | |||
Sometimes the administrator (or someone with the permissions to) will create a new role. For example, the administrator will copy all the student permissions to a new role, then change specific permissions. The teacher then assigns specific students to this role without having to worry about checking off the correct role permissions. | |||
==See also== | ==See also== |
Revision as of 09:48, 25 July 2008
Overrides are specific permissions designed to override a role in a specific context, allowing you to "tweak" your permissions as required.
Overrides may be used to "open up" areas by giving users extra permissions. For example, an override may be used to enable students to rate forum posts (see forum permissions for details).
Overrides may also be used to prevent actions, such as starting new discussions in an archived forum.
The interface for overriding permissions is similar to the one for defining roles, except only relevant capabilities are shown. Inherited permissions are highlighted.
Note: Prior to Moodle 1.9, the override permissions page was named "Override roles".
Permissions
There are four settings for each permission capability:
- Inherit
- The default setting. If a capability is set to inherit, the user's permissions remain the same as they are in a less specific context, or another role where the capability is defined. For example, if a student is allowed to attempt quiz questions at the course level, their role in a specific quiz will inherit this setting.
- Allow
- This enables a user to use a capability in a given context. This permission applies for the context that the role gets assigned plus all lower contexts. For example, if a user is assigned the role of student in a course, they will be able to start new discussions in all forums in that course (unless a forum contains an override with a prevent or prohibit value for the capability).
- Prevent
- By choosing this you are removing permission for this capability, even if the users with this role were allowed that permission in a higher context.
- Prohibit
- This is rarely needed, but occasionally you might want to completely deny permissions to a role in a way that can NOT be overridden at any lower context.
Locations for overriding permissions
- Front page context: "Override permissions" tab via Site Administration > Front Page > Front Page roles (in Moodle 1.8 onwards)
- Course category context: "Override permissions" tab via assign roles link in course categories page
- Course context: "Override permissions" tab via assign roles link in course administration block
- Module context: "Override permissions" tab in editing activity page
- Block context: "Override permissions" tab via assign roles link course block (with editing turned on)
- User context: "Override permissions" link via roles tab in user profile page
Ability to override permissions
Users who have the capability moodle/role:override allowed (or, in Moodle 1.9.3 onwards, the capability moodle/role:safeoverride allowed) can override permissions for selected roles (as set in Allow role overrides).
The default administrator role has the capability moodle/role:override allowed, and admins can override permissions for all other roles by default.
Template:Moodle 1.9In Moodle 1.9.3 onwards, the default teacher role has the capability moodle/role:safeoverride allowed, and teachers can override certain permissions (i.e. ones without major risks attached to them) for non-editing teacher, student and guest roles by default.
Enabling teachers to override permissions (pre-1.9.3)
By default, only administrators are able to override permissions in versions of Moodle prior to 1.9.3. Teachers can be enabled to do so as follows:
- Access Administration > Users > Permissions > Define roles.
- Edit the teacher role and change the capability moodle/role:override to allow.
- Click the button "Save changes".
- Click the tab "Allow role overrides" (in Administration > Users > Permissions > Define roles).
- Check the appropriate box to allow a teacher to override the student role.
- Click the button "Save changes".
If preferred, a new role for overriding permissions may be created and selected teachers assigned to it.
Overriding permissions for selected students
Sometimes a teacher will want to over ride permissions for selected students. Typically they will assign a student a role locally. For example, assign a student as a non-editing teacher. However, administrators can override specific permission in a role. This does not create a new role. It modifies an existing specific role and affects all users assigned to that role in the context.
Sometimes the administrator (or someone with the permissions to) will create a new role. For example, the administrator will copy all the student permissions to a new role, then change specific permissions. The teacher then assigns specific students to this role without having to worry about checking off the correct role permissions.