作成中です - Mitsuhiro Yoshida 2006年12月24日 (日) 02:13 (CST)

Moodle 1.7では、管理者がMoodleサイトで利用できる既存のロールを追加または編集することができます。ロールは、管理者ブロック >> ユーザ >> パーミッション >> ロールの定義メニューエリアで設定することができます。Moodleにはデフォルトで7つのロールが設定されていますので、ロールの追加および編集は完全に任意であることを心に留めてください。

ロールの定義

ロールの定義ページには、3つのタブがあります。

• Manage roles - The place to add and define permissions for a new role, or edit name and/or permissions associated with existing Moodle roles.
• Allow role assignments - A matrix which determines which role can assign users to other roles.
• Allow role overrides - A matrix which determines which role can override a previously assigned role. The default is that only an administrator can override any role assigned by another role.

パーミッション

The permissions matrix allows a very granular approach to assigning rights to a role (a class of users). Assigning or editing permissions should be done with great care. A change can produce a profound unwanted effect, or an annoying effect that will be hard to understand the cause.

There are over 150 lines of capabilities where any of 4 different permissions can be assigned. The capabilities are grouped in 21 catagories. We strongly recommend not to change the LEGACY roles. Here is the top of the list.

パーミッション用語

From lowest to highest, from general to specific.

• Inherit - pass along from before [lowest level, always loses]
• Allow - let happen or permit [same level as prevent]
• Prevent - stop [same level as allow]
• Prohibit - forbid {highest level, always wins]

パーミッションの例

Inherit: if no permission is defined, then the capability permission is inherited from a context that is more general than the current context.

Allow and prevent will cancel each other out if set for the same capability at the same context level. If this happens, we refer to the previous context level to determine the permission for the capability.

Prohibit: If we set prohibit on a capability, it means that the capability cannot be overridden. Prohibit always wins and creates a permenant stop.

Since the capabilities in each role could be different and participants can be assigned different roles, there could be a conflict in capabilities. The hierarchy of permissions resolves this by saying that the capability defined for a more specific context will win, unless an prohibit is encountered in a less specific context.

Example 1. Mark has a student role in Course One, which allows all students to write into the wikis "Everyone" and "Homework". But Mark also got assigned a Visitor role at a module context level (for the wiki "Honors") and Visitors are prevented writing in the Honors wiki. Thus Mark can write into the "Everyone" and "Homework" wikis but not in "Honors".

Example 2.Jeff has been assigned to a "naughty student" role that prohibits him from postings in any forums for the whole site. However his teacher assigned him a "facilitator" role in "Science forum" in the course Science and Math 101. Since a higher context prohibit permission always wins, Jeff is unable to post in "Science forum".

ロールの例

Why would a site want different roles? Consider

基本コンセプトの定義

• A role is an identifier of the user's status in some context. For example, teacher, student and forum moderator are examples of roles.
• A capability is a description of some particular Moodle feature. Capabilities are associated with roles. For example, being able to reply to a forum post is a capability.
• A permission is some value that is assigned for a capability for a particular role. For example, using the prevent permission to limit all students from posting to any forum.
• A context is a "space" in the Moodle, such as courses, activity modules, blocks, forums etc.
• A hierarchy of permissions determines which permission wins or is going to be in effect if there is an apparent conflict. For example, the site allow all students the permission to to post in forums, but a teacher might prevent that right in a particular course. The hieracary of permissions would allow a student to post in one course but not in another course.