Moodle allows specific roles to be able to change other specific role capabilities based on the context. For example, a teacher in a course may want all students (users with a student role) to be able to edit all forums in that course. Or a teacher may want all students in a specific forum to be able to edit that forum.
If you want to give a specific student the ability to edit a specific activity, see Override permissions.
Course and activity permissions
Role permissions for a course can be changed in Administration > Course administration > Users > Permissions and for a particular activity in Administration > Activity administration > Permissions.
Click the Allow icon (+) opposite a capability to give permission to additional roles or the Prevent icon (X) to take away permission.
Front page permissions
Front page permissions can be changed in Administration > Front page settings > Users > Permissions and for a particular activity in Administration > Activity administration > Permissions.
To change role permissions for a block
- Turn editing on in the course
- In the actions menu in the header of the block, click Permissions'.
The check permissions feature provides a method to view all roles both in the current context and higher contexts (in Moodle 2.3.2 onwards) and capabilities for a selected user based on their role assignments. These capabilities determine whether or not the selected user is allowed to perform associated tasks within the system or course.
A teacher can check permissions for their course in Administration > Course administration > Users > Permissions > Check permissions and for a particular activity in Administration > Activity administration > Check permissions.
An administrator can check system permissions in Administration > Site administration > Users > Permissions > Check system permissions.
The review permissions for others capability (allowed for the default roles of manager, teacher and non-editing teacher) controls whether a user can check permissions.
Capability overview report
An administrator can generate a capability overview report in Site Administration > Users > Permissions > Capability report.
The report allows the administrator to select a capability and one or more roles. The report will show the role and its permission level for that capability. And if that capability was overridden for the role where in the site. For example, it might show that the gradereport:user view capability for a student role is set at the system level as "Allow" and for Course 1 it is set to "Prohibit".
It is possible to select more than one capability with more than one role and have an overview of all.