Note: You are currently viewing documentation for Moodle 3.0. Up-to-date documentation for the latest stable version of Moodle may be available here: Roles FAQ.

Roles FAQ: Difference between revisions

From MoodleDocs
(Add new FAQ)
(Any further questions?)
 
(39 intermediate revisions by 4 users not shown)
Line 1: Line 1:
{{Roles}}
{{Roles}}
{{Update}}
==What is the definition of a...==
==What is the definition of a...==


Line 14: Line 13:
==Why isn't my role change taking effect?==
==Why isn't my role change taking effect?==


Manual role assignments and overrides take effect immediately. However automatic role assignments that result from changes to certain user policies (for example, Default front page role) may be delayed until the next login.
Certain capabilities e.g. [[Capabilities/moodle/user:changeownpassword|moodle/user:changeownpassword]] may only be applied in the system context, so giving such permissions by assigning a role in the course context will have no effect.


Also, please check the context in which the role is assigned. Certain capabilities e.g. [[Capabilities/moodle/user:update|moodle/user:update]] may only be applied in the System context, so giving such permissions in the course context will have no effect.
==Why do some users I know are in my course not appear in ''Participants''?==


==My custom role will allow them to enroll others in a course, but only a "none" role==
Users assigned roles in a higher context, for example users assigned the role of teacher in the course category are technically not enrolled in the course and so will not appear in the Participants link in the [[Navigation block]] but can be found via ''Administration>Course administration>Users>Other users''
Go to Site administration> User > Permissions > Define roles.  Look at each of the "Allow" tabs and check the appropriate boxes.
 
==Why do I not have my Course creator role when I also have a student role in my course?==
When you are assigned a role in a context,like a course, that role's permissions for every capability will take over in that context.  You were probably given the course creator role in the system or category context, but then in the lower context of a course, you were enrolled as a student. 
 
If you need to be a student a best practice is to create a phantom or test user, then enrol that user in the course as a student.  Teachers and others who know the user name and password, can see the course from the student perspective.
 
On a deeper level, consider the "Master Teacher" who is made a teacher on the system level.  If they are given a student role in a specific course, they "lose" many of their abilities to do things as a teacher in that course.  However, it can get complicated when a student capability has a "Not set" permission and the teacher role has an "Allow" permission. Here the "student" maybe able to do things other students can not do.  Thus the reason for the best practice mentioned above.
 
==Why are there differences in the users listed as course participants and users assigned roles in a course?==
 
Users assigned roles in a higher context, for example users assigned the role of teacher in a course category context, may appear as course participants.
 
==When defining roles, what is the difference between Prevent and Not set?==
 
Short answer: "Not set" means whatever permission was in effect when the user entered the context is still in effect.  "Prevent" do not allow this capability in this context.
 
Best practice: when defining roles, you almost always want to use Allow or Not set.
 
==Can you give me some examples about permissions?==
When you logged into the site you were given the system role of Authenticated User. You are also enrolled in a course and given the student role. Let's look at a single capability called X (the capability could be to create a blog) to see how permissions work.
 
In the example below we are just talking about the permissions for a single capability in the course role of a Student and the system role of Authenticated user for 1 user.
 
* If Student permission is '''Not set''', and Authenticated user  permission is '''Not set''', then you are not allowed to do X.
* If Student is '''Not set''', and Authenticated user is '''Allow''', then you are allowed to do X.
* If Student is '''Prevent''' , and Authenticated user is '''Allow''', then you are not allowed to do X.
* If Student is '''Allow''', and Authenticated user is '''Prevent''', then you are allowed to do X.
* If Student is '''Prohibit''', and Authenticated user i '''Allow''', then you are not allowed to do X.
* If Student is '''Allow''', and Authenticated user is '''Prohibit''', then you are not allowed to do X.


==How can I prevent a user from changing their own password?==
==How can I prevent a user from changing their own password?==
Line 54: Line 23:
To prevent a user from changing their own password, you must make sure they do not have [[Capabilities/moodle/user:changeownpassword|moodle/user:changeownpassword]] = Allow in the System context. The Authenticated user role (which is assigned to users in the System context) has moodle/user:changeownpassword = Allow by default, so you have two choices:  
To prevent a user from changing their own password, you must make sure they do not have [[Capabilities/moodle/user:changeownpassword|moodle/user:changeownpassword]] = Allow in the System context. The Authenticated user role (which is assigned to users in the System context) has moodle/user:changeownpassword = Allow by default, so you have two choices:  
# Edit Authenticated user, setting moodle/user:changeownpassword = Not set  
# Edit Authenticated user, setting moodle/user:changeownpassword = Not set  
# Create a new role CannotChangeOwnPassword with moodle/user:changeownpassword = Prevent and all other permissions Not set and assign the role to selected users in the System context (Site administration -> Users -> Permissions -> Assign system roles).  
# Create a new role CannotChangeOwnPassword with moodle/user:changeownpassword = Prevent and all other permissions Not set. Choose "system" for the context type  and assign the role to selected users in the System context via ''Administration>Site administration -> Users -> Permissions -> Assign system roles).''


Choice (1) will prevent ''all'' users from changing their passwords (except for the administrator, who can do anything).  To selectively allow selected users (say teachers) to change their passwords, you could create a new role CanChangeOwnPassword with moodle/user:changeownpassword = Allow and all other permissions not set and assign the role to selected users in the System context (Site administration -> Users -> Permissions -> Assign system roles).
Choice (1) will prevent ''all'' users from changing their passwords (except for the administrator, who can do anything).  To selectively allow selected users (say teachers) to change their passwords, you could create a new role CanChangeOwnPassword with moodle/user:changeownpassword = Allow and all other permissions not set and assign the role to selected users in the System context (Site administration -> Users -> Permissions -> Assign system roles).
Line 65: Line 34:


See [[Roles_FAQ#How can I prevent a user from changing their own password? | How can I prevent a user from changing their own password?]]  The answer to this question is the same if you substitute ''edit their own profile'' for ''change their own password'' and ''[[Capabilities/moodle/user:editownprofile|moodle/user:editownprofile]]'' for ''moodle/user:changeownpassword.''
See [[Roles_FAQ#How can I prevent a user from changing their own password? | How can I prevent a user from changing their own password?]]  The answer to this question is the same if you substitute ''edit their own profile'' for ''change their own password'' and ''[[Capabilities/moodle/user:editownprofile|moodle/user:editownprofile]]'' for ''moodle/user:changeownpassword.''
==Do roles have an inheritance relationship?==
No. Roles are completely independent.
* When you create a new role by copying an existing role, it is just like copying a file: the original and the copy are identical at the outset, but the copy has no ongoing relationship with the original.  Changes to the original do not affect the copy and ''vice versa''.
* When you create a new role and select a value such as LEGACY:Student from the Legacy role type dropdown, you are not "inheriting" from the Student role.  You are simply indicating that you want your role to have the same defaults as Student.
* Course creator does not "inherit" from Teacher (a common misconception).  As with all roles, the two roles are completely independent.  Course creator is actually a very simple role that can basically only create courses and not much else.  However a user who creates a course can be automatically assigned the role of Teacher in the newly-created course (the default in site settings).  This is how a course creator gets her teaching abilities within a course.
* Since roles are independent of each other, ordering roles at Site Administration > Users > Permissions > Define roles does not have any impact on capabilities or permissions. The only effect of ordering roles is how they are displayed in each context.
* When a Moodle site is upgraded with new capabilities, the "ARCHTYPE" role determines the initial permissions for those new capabilities.


==How do I change the name for "teacher" in the course description?==
==How do I change the name for "teacher" in the course description?==
Line 104: Line 63:
==Why doesn't "Switch role to.." within a course seem to work properly?==
==Why doesn't "Switch role to.." within a course seem to work properly?==


This feature is intended for teachers so that they can see how their course appears for students. It isn't a reliable view however, as some features do not display correctly when viewed by a teacher who has switched their role to a student. For that reason  it is always preferable where possible to have a "test" student log in to use.
This feature is intended for teachers so that they can see how their course appears for students. It isn't a reliable view however, as some features do not display correctly when viewed by a teacher who has switched their role to a student. Certain actions (specifically submitting assignments) are excluded from working with 'switch roles' (as the submitted work would not be visible on the grading pages, due to the user not having the 'submit' permission when they have not switched roles).For that reason  it is always preferable where possible to have a "test" student log in to use.


==Are there any example roles?==
==Are there any example roles?==
Line 115: Line 74:
*[[Calendar editor role|Calendar editor]] - for providing a user with permission to add site events to the calendar
*[[Calendar editor role|Calendar editor]] - for providing a user with permission to add site events to the calendar
*[[Blogger role|Blogger]] - for limiting blogging to specific users only
*[[Blogger role|Blogger]] - for limiting blogging to specific users only
*[[Quiz user with unlimited time role|Quiz user with unlimited time]] - for allowing a user unlimited time to attempt a quiz which has a time limit set
*[[Question creator role|Question creator]] - for enabling students to create questions for use in quizzes
*[[Question creator role|Question creator]] - for enabling students to create questions for use in quizzes
*[[Course requester role]] - for restricting users who can make course requests
*[[Course requester role]] - for restricting users who can make course requests
==Logged-in users can't read the site news. What can I do?==
See [[News forum]] for details.


==How do I enable logged-in users to participate in front page activities?==
==How do I enable logged-in users to participate in front page activities?==


Either:
Either:
#Access ''Site administration > Front Page > Users > Permissions> Assign roles''
 
#Select the role you wish to add individual users to
# Go to ''Administration > Site administration > Users > Permissions > Define roles'' and edit the 'Authenticated user on frontpage' role
#Select all or some of the users in the potential users list
# Allow capabilities for the front page activities
#Use the left-facing arrow button to add them to the existing users list
# Click the 'Save changes' button


Or:
Or:
#Access ''Site Administration > Front Page > Front Page settings''
#Set the default front page role to student.
:Note: Setting the default front page role to student is not sufficient to enable logged-in users to participate in a Front Page "Choice activity". A permissions override should be used instead.


==How do I copy a custom role from one Moodle site to another==
# Go to ''Administration > Site administration > Front Page > Front Page settings''
 
# Set the default front page role to student
There is no import and export facility for roles, but it can be achieved nearly as easily using backup and restore.
# Click the 'Save changes' button
 
# Create an empty course with all the default settings
# Assign anybody to your custom role (or roles) within the course
# Backup the course (all defaults are fine)
# Download the backup file
# Upload the backup file to the site files of the target Moodle
# Restore the course (all defaults are fine)
# Delete the course.
 
You will find that the custom roles have been recreated in the target site.
 
Note: It seems this functionality is no longer working in Moodle 2.0. See MDL-30127 for details.
 
==What is the difference between the capabilities moodle/role:override and moodle/role:safeoverride?==
 
The capability [[Capabilities/moodle/role:safeoverride|moodle/role:safeoverride]] was added to Moodle as a way of enabling teachers to [[Override permissions|override permissions]] safely. The capability moodle/role:override allows a user to override all permissions, whereas moodle/role:safeoverride only allows a user to override capabilities that do not have major risks attached to them.


==How can I prevent students from editing their profile?==
==How can I prevent students from editing their profile?==
Line 165: Line 99:
==Why can't I add teachers or students site wide in Moodle?==
==Why can't I add teachers or students site wide in Moodle?==


You can but it is not a best practice. 'Settings > Site administration > Users> Permissions> Assign system roles'' .
You can, but it is not best practice.
*Teachers and students typically work in one or more individual courses. It is unusual for a student to be studying every single course on your Moodle and unusual for a teacher to be teaching every single course. Therefore, the default Moodle does use these as system wide roles.  The Manager role might be one that makes sense to assign on a system or category context.
 
*Alternatively, you could create a new role based on the teacher or student and assign this in the System context.  Then assign individuals to that role.
*Teachers and students typically work in one or more individual courses. It is unusual for a student to be studying every single course on your Moodle and unusual for a teacher to be teaching every single course. Therefore, the default Moodle does not use these as system wide roles.  The Manager role might be one that makes sense to assign on a system or category context.
#To assign a teacher or student sitewide, go to ''Administration>Site administration>Users>Permissions>Define roles'' and edit the role to include the ''system'' context.
#Then search for and allow the capability [[Capabilities/moodle/course:view|moodle/course:view]]
#Then assign users to this role via ''Administration>Site administration>Users>Permissions>Assign system roles''
*It might be preferable to create a new role based on the teacher or student and assign this in the System context.  Then assign individuals to that role.


==How can I make a role available as a front page role?==
==How can I make a role available as a front page role?==
Line 175: Line 113:
# Scroll to the bottom of the page and click the 'Save changes' button
# Scroll to the bottom of the page and click the 'Save changes' button


== See also ==
==How can I allow a non-editing teacher to "switch role to " a student?==
 
# In ''Settings > Site administration > Users > Permissions > Define roles'', edit the non-editing teacher role and set the capability "moodle/role:switchroles" to "allow". This will then allow them to switch their role to a student or a guest (as defined on the ''Allow role switches'' screen.)
 
==How can I set a role back to its default permissions?==
 
# Go to ''Administration> Site administration > Users > Permissions > Define roles'' and click on the name of the role
# Click the 'Reset to defaults' button and then answer yes to confirm
 
Note that if you have students  who have been given extra permissions (such as forum ratings), then they will no longer be able to do this once the role has been reset to its default.
 
==Permissions don't seem to be working correctly. What can I do?==
 
[[File:reviewing badge permissions.png|thumb|Reviewing role permissions]]It is recommended that permissions for each role are reviewed and set according to the role archetype.
 
# Go to ''Administration > Site administration > Users > Permissions > Define roles'' and click the edit icon opposite a role
# Click the 'Show advanced' button to reveal the different permission settings
# Review permissions (filtering for particular permissions as appropriate) and, unless there is a good reason to do otherwise, change permissions so that all are set to the highlighted value
# Click the 'Save changes' button
# Repeat steps 1 to 4 for each role
 
==What is the "none" role?==
It is possible to enrol users into a course so they appear as participants, but since they do not have a standard role such as student, they do not have any particular permissions. They cannot for example, engage in course activities. For discussion about the "none" role, see MDL-29599.
 
==Any further questions?==


* Using Moodle [http://moodle.org/mod/forum/view.php?id=6826 Roles and Capabilities forum]
Please visit the [http://moodle.org/mod/forum/view.php?id=6826 Roles and Capabilities forum] on moodle.org.


[[Category:FAQ]]
[[Category:FAQ]]
Line 185: Line 147:
[[fr:FAQ des rôles]]
[[fr:FAQ des rôles]]
[[ja:ロールFAQ]]
[[ja:ロールFAQ]]
[[ru:FAQ по ролям]]

Latest revision as of 08:24, 8 February 2016


What is the definition of a...

Capability
A configurable aspect of program behavior. Moodle has 100s of capabilities. Each capability has a computer friendly name like mod/forum:rate and a human-friendly name like "Rate posts."
Permission
Permissions are paired with each capability. There are four possible permission values: Allow, Prevent, Prohibit and Not set/Inherit. (It is called not-set when defining roles and inherit when overriding permissions.)
Role
A named set of permissions that are associated with each capability. For example. the "Teacher" and "Student" roles come with the standard Moodle install.
Context
A functional area of Moodle. Contexts have a hierarchy. Examples of contexts include a course, activity module, or resource.

Why isn't my role change taking effect?

Certain capabilities e.g. moodle/user:changeownpassword may only be applied in the system context, so giving such permissions by assigning a role in the course context will have no effect.

Why do some users I know are in my course not appear in Participants?

Users assigned roles in a higher context, for example users assigned the role of teacher in the course category are technically not enrolled in the course and so will not appear in the Participants link in the Navigation block but can be found via Administration>Course administration>Users>Other users

How can I prevent a user from changing their own password?

To prevent a user from changing their own password, you must make sure they do not have moodle/user:changeownpassword = Allow in the System context. The Authenticated user role (which is assigned to users in the System context) has moodle/user:changeownpassword = Allow by default, so you have two choices:

  1. Edit Authenticated user, setting moodle/user:changeownpassword = Not set
  2. Create a new role CannotChangeOwnPassword with moodle/user:changeownpassword = Prevent and all other permissions Not set. Choose "system" for the context type and assign the role to selected users in the System context via Administration>Site administration -> Users -> Permissions -> Assign system roles).

Choice (1) will prevent all users from changing their passwords (except for the administrator, who can do anything). To selectively allow selected users (say teachers) to change their passwords, you could create a new role CanChangeOwnPassword with moodle/user:changeownpassword = Allow and all other permissions not set and assign the role to selected users in the System context (Site administration -> Users -> Permissions -> Assign system roles).

Choice (2) allows you to be selective, but if you have a lot of users that you want to prevent (say, all students), you will have to make a lot of role assignments in the System context. There is currently no convenient way to do this, so you might consider choice (1).

Note that you MUST deal with this permission in the System context.

How can I prevent a user from editing their own profile?

See How can I prevent a user from changing their own password? The answer to this question is the same if you substitute edit their own profile for change their own password and moodle/user:editownprofile for moodle/user:changeownpassword.

How do I change the name for "teacher" in the course description?

Either

  • Edit the role of Teacher via Administration > Users > Permissions > Define roles and rename it. The new name will apply site-wide.

Or

  • Create a duplicate teacher role with an alternative name and assign users the duplicate teacher role as appropriate in the course context. In Administration > Appearance > Course contact select the alternative name for teacher that you wish to be displayed in the course description when courses are listed. For example, copy the standard teacher role and call it Instructor and only show that role as the course contact.

Or

  • Create a new "dummy" role (no capabilities) with those names and assign them to teachers along with the real roles. select the alternative name for teacher that you wish to be displayed in the course description when courses are listed. For example, copy the guest role, call it Lead Teacher and make this the course contact. You may have 5 teachers in the course but only one name will appear as Lead Teacher. If nobody is assigned the role Lead Teacher, no course contact will show.

Or

  • Names for different roles in a course may be changed in the Course administration > edit settings "Role renaming" fields. For example, some courses the teacher wants the title "Professor", or "Chief" or "Mentor".

Or

How do I enable teachers to set role overrides?

  1. Access Site administration > Users > Permissions > Define roles.
  2. Edit the teacher role and change the capability moodle/role:safeoverride to allow.
  3. Click the button "Save changes".
  4. Click the tab "Allow role overrides" (in Site administration > Users > Permissions > Define roles).
  5. Check the appropriate box(s) in the teacher row to set which role(s) teachers can override. Most likely it will just be the student role (you don't want teachers to be able to override admins!), so check the box where the teacher row intersects with the student column.
  6. Click the button "Save changes".

How do I enable teachers to assign other teachers in a course?

This is disabled by default but it can be switched on by modifying the teacher's role. In Siite administration > Users > Permissions > Define roles select the "Allow role assignments" tab and tick the checkbox where Teacher and Teacher intersect.

Why doesn't "Switch role to.." within a course seem to work properly?

This feature is intended for teachers so that they can see how their course appears for students. It isn't a reliable view however, as some features do not display correctly when viewed by a teacher who has switched their role to a student. Certain actions (specifically submitting assignments) are excluded from working with 'switch roles' (as the submitted work would not be visible on the grading pages, due to the user not having the 'submit' permission when they have not switched roles).For that reason it is always preferable where possible to have a "test" student log in to use.

Are there any example roles?

Yes, as follows:

  • Parent - for providing parents/mentors/tutors with permission to view certain information about their children/mentees/tutees
  • Demo teacher - for providing a demonstration teacher account with a password which can't be changed
  • Forum moderator - for providing a user with permission in a particular forum to edit or delete forum posts, split discussions and move discussions to other forums
  • Calendar editor - for providing a user with permission to add site events to the calendar
  • Blogger - for limiting blogging to specific users only
  • Question creator - for enabling students to create questions for use in quizzes
  • Course requester role - for restricting users who can make course requests

How do I enable logged-in users to participate in front page activities?

Either:

  1. Go to Administration > Site administration > Users > Permissions > Define roles and edit the 'Authenticated user on frontpage' role
  2. Allow capabilities for the front page activities
  3. Click the 'Save changes' button

Or:

  1. Go to Administration > Site administration > Front Page > Front Page settings
  2. Set the default front page role to student
  3. Click the 'Save changes' button

How can I prevent students from editing their profile?

If you only want students to be prevented from editing their profile, and not all users, you can create a new role, such as Restricted user as described in the Demo teacher role, with moodle/user:editownprofile set to prevent, and assign it to all students in the system context.

Alternatively, you could change moodle/user:editownprofile to not set for the Authenticated user role, then create a new role for teachers with moodle/user:editownprofile set to allow.

Why can't I add teachers or students site wide in Moodle?

You can, but it is not best practice.

  • Teachers and students typically work in one or more individual courses. It is unusual for a student to be studying every single course on your Moodle and unusual for a teacher to be teaching every single course. Therefore, the default Moodle does not use these as system wide roles. The Manager role might be one that makes sense to assign on a system or category context.
  1. To assign a teacher or student sitewide, go to Administration>Site administration>Users>Permissions>Define roles and edit the role to include the system context.
  2. Then search for and allow the capability moodle/course:view
  3. Then assign users to this role via Administration>Site administration>Users>Permissions>Assign system roles
  • It might be preferable to create a new role based on the teacher or student and assign this in the System context. Then assign individuals to that role.

How can I make a role available as a front page role?

  1. Go to Settings > Site administration > Users > Permissions > Define roles and edit the role
  2. For 'Context types where this role may be assigned' tick the Course checkbox
  3. Scroll to the bottom of the page and click the 'Save changes' button

How can I allow a non-editing teacher to "switch role to " a student?

  1. In Settings > Site administration > Users > Permissions > Define roles, edit the non-editing teacher role and set the capability "moodle/role:switchroles" to "allow". This will then allow them to switch their role to a student or a guest (as defined on the Allow role switches screen.)

How can I set a role back to its default permissions?

  1. Go to Administration> Site administration > Users > Permissions > Define roles and click on the name of the role
  2. Click the 'Reset to defaults' button and then answer yes to confirm

Note that if you have students who have been given extra permissions (such as forum ratings), then they will no longer be able to do this once the role has been reset to its default.

Permissions don't seem to be working correctly. What can I do?

Reviewing role permissions

It is recommended that permissions for each role are reviewed and set according to the role archetype.

  1. Go to Administration > Site administration > Users > Permissions > Define roles and click the edit icon opposite a role
  2. Click the 'Show advanced' button to reveal the different permission settings
  3. Review permissions (filtering for particular permissions as appropriate) and, unless there is a good reason to do otherwise, change permissions so that all are set to the highlighted value
  4. Click the 'Save changes' button
  5. Repeat steps 1 to 4 for each role

What is the "none" role?

It is possible to enrol users into a course so they appear as participants, but since they do not have a standard role such as student, they do not have any particular permissions. They cannot for example, engage in course activities. For discussion about the "none" role, see MDL-29599.

Any further questions?

Please visit the Roles and Capabilities forum on moodle.org.