MoodleDocs - User contributions [en]

Manager role

2020-09-08T19:06:55Z

Calbasi: /* Manager role abilities */ Updating an failed and outdated link

{{Standard roles}}

== Manager role abilities==

The default Manager role enables users assigned the role to access courses and modify them, as well as perform certain administrative level tasks related to courses, users, grade settings, etc.

Unlike the administrator role, the Manager role is a 'real role', whose capabilities you can edit, but is ''similar'' to Administrator (but much safer to use) due to its broad default powers. As a normal role, like Course Creator or Teacher, while the Manager role has almost very many capabilities by default, you can edit that role if you choose.

(The way permission checks work in the Moodle code is that there is a function called has_capability. For admins, has_capability will '''always''' return true, no matter how the roles are set up. Thus there is no way to edit what permissions an Administrator has.)

Adopting a best-practice based on the [https://en.wikipedia.org/wiki/Principle_of_least_privilege?layoutType=plain Principle of Least Privilege] suggests that Admins should normally use a Manager role, and not use an Administrator account, similar to the way you are recommended not to log into Linux as root.

The Manager role therefore allows a site Administrator to give very powerful roles to others who are assigned a Manager role, but without having to give them a full Administrator role.

==Assigning the role of Manager at the Site level==
You can give someone the Manager role sitewide (to enable them for instance to add new users) by going to ''Site Administration>Users>Permissions>Assign system roles'', selecting the Manager role and moving over your chosen user.

When you do so, users in that role will have access to only some of the items in Site administration. They do not have access to areas such as Security, Server, Plugins, Appearance, or Advanced Features, which are reserved for those in the Site administrators group. They have access to most of the tools for User, Course and Grade system settings and tools.

Specifically the Site-wide Manager role can see these in Site administration:

Competencies
Migrate frameworks
Import competency framework
Export competency framework
Competency frameworks
Learning plan templates
Badges
Badges settings
Manage badges
Add a new badge
Language
Language customisation
Appearance
Default Dashboard page
Default profile page
Manage tags
User tours
Front page
Front page settings
Users
Accounts
Browse list of users
Bulk user actions
Add a new user
Cohorts
Upload users
Upload user pictures
Permissions
Define roles
Assign system role
Check system permissions
Capability overview
Assign user roles to cohort
Courses
Manage courses and categories
Add a category
Restore course
Backups
General backup defaults
General import defaults
Automated backup setup
Grades
General settings
Grade category settings
Grade item settings
Scales
Outcomes (if enabled on site)
Letters
Report settings
Grader report
Grade history
Overview report
User report
Plugins
Question types
Question preview defaults
Reports
Comments
Backups
Logs
Live logs
Performance overview
Security overview
Statistics (if enabled on site)
Event monitoring rules

Notes:

* Some of these can further be restricted by editing specific capabilities of the role, e.g., create users, upload users from a file, manual enrolments, managing cohorts, language customisation, etc., etc.
* Manager has access to Front page same as with other courses (as it is technically a course).
* Manager has access to most system level reports but not the Configuration report.
* Manager has the ability to assign other users as a sitewide Manager
* Also, a Manager has the ability to edit the role of Manager itself - to disable this, you could prohibit the Create and Manage roles ''moodle/role:manage'' capability

==Assigning the role of Manager at the Category level==

The Manager role can also be assigned in the context Category rather than sitewide.

Do this if you want someone to be able to have access to all the courses in a single category and manage them, but do not want them to have access to any of Site administration tools.

Assign this as follows: ''Site administration > Courses > Add/edit courses > '' (select a category) ''> Edit this category > Administration'' block: ''Assign roles > Manager >'' (select user) ''Add''

Notes:

* A category-level manager is so only for the assigned category: to manage more than one category, you will need to assign them that role in each category separately
* Category-level managers also [https://docs.moodle.org/en/Capabilities/moodle/category:manage manage any sub-categories] beneath the category they are assigned, including create new subcategories and move courses
* They can create courses in the their assigned categories
* A category-level manager will not have as many capabilities as a site-level manager, since certain capabilities can only be applied in the system context i.e. via a system role
* Regarding the [[Capabilities/moodle/user:loginas|capability to login as another user]], for courses within the category that they manage, a category-level manager can only login as another course participant and browse within that course only

Note that in some commands are in the Administration block. Managers must Turn editing on in order to have ''Edit category'' and ''Add category'' links. The screenshot below is a view of the Administration block for a Category level Manager with Editing turned on, showing the ''Edit this category'' and ''Add a sub-category'' commands:

[[File:category-level-manager-settings.png]]

==See also==

* [[Site administrators]]

[[fr:Gestionnaire]]
[[de:Manager-Rolle]]
[[es:Rol de Mánager]]

HTTPS conversion tool

2020-06-18T18:32:17Z

Calbasi: Changing .com for a more generic .TLD

{{Security}}
[[File:HTTPStool.png|thumb|left|HTTPS conversion tool]]The HTTPS conversion tool in Moodle 3.4 onwards will convert any embedded HTTP content (not links) on your site to HTTPS in order for it to display correctly on your HTTPS site. It is accessed from the HTTP security screen of Site administration, or by typing directly ''YOURMOODLESITE.TLD''/admin/tool/httpsreplace/index.php (where YOURMOODLESITE.TLD is the name of your site).

Before performing the conversion, content will be scanned to find any URLs which may not work after conversion i.e. any domains which do not appear to support HTTPS content. After switching to HTTPS, the content included from these sites will no longer display within Moodle for users with secure modern browsers. These problematic domains will be converted, but obviously won't work once the conversion is complete, hence they are reported for audit prior to the conversion process.

There is also a CLI conversion tool. To list domains that need conversion:

php admin/tool/httpsreplace/cli/url_replace.php -l

To perform the conversion:

php admin/tool/httpsreplace/cli/url_replace.php -r --confirm

To view Help:

php admin/tool/httpsreplace/cli/url_replace.php -h

==See also==

* MDL-46269

[[es:Herramienta para conversión a HTTPS]]
[[de:HTTPS Konvertierung]]

User:Joan Cervan

2019-01-18T13:40:40Z

Calbasi:

I'm just a freelance web developer at [https://www.calbasi.net calbasi.net]. I use to work with Drupal, CiviCRM and Moodle.

I live near Barcelona (Catalonia, Europe).

User:Joan Cervan

2019-01-18T13:39:26Z

Calbasi: Just 2 biographic lines

I'm just a freelance web developer. I use to work with Drupal, CiviCRM and Moodle.
I live near Barcelona (Catalonia, Europe).

Talk:Security recommendations

2019-01-18T10:20:19Z

Calbasi: we should remove php register_global because this parameter was suppressed from 5.4+

I think we should suppress register_global advise because has non sense talk about a suppressed php from version 5.4+ (more than 5 years ago). I'm going to edit the article according to this.

--[[User:Joan Cervan|Joan Cervan]] ([[User talk:Joan Cervan|talk]]) 10:20, 18 January 2019 (UTC)

-----

To tighten up permissions on Linux:

cd /var/
find moodledata/ -type d -exec chmod 700 {} \;
find moodledata/ -type f -exec chmod 600 {} \;
cd /var/www/html # or cd /var/www/ if moodle folder is one level lower
find moodle/ -type d -exec chmod 755 {} \;
find moodle/ -type f -exec chmod 644 {} \;

Correction : The RootkitRevealer-link are outdated, working links:
english: http://technet.microsoft.com/en-en/sysinternals/bb897445.aspx
german http://technet.microsoft.com/de-de/sysinternals/bb897445.aspx

:Thanks Reto, I have amended the links accordingly. --[[User:Helen Foster|Helen Foster]] ([[User talk:Helen Foster|talk]]) 16:20, 6 January 2014 (WST)

Correction : Enrolment key hint is disabled by default in Moodle 2.2. The setting is found at Settings>Site Administration>Plugins>Enrolments>Self enrolment.

Thanks for the pointer, Jane :) --[[User:Mary Cooch|Mary Cooch]] 20:18, 22 April 2012 (WST)

[[de:Sicherheitsempfehlungen]] ([[User:Klaus Steitz|Klaus Steitz]] 23:47, 27 April 2012 (WST))

Suggestion: Put a link to Register globals Docs page [[admin/environment/custom check/php check register globals]]

Request: Replace the link to the spanish translation for this page to the proper page [[es:Recomendaciones de Seguridad]]

Talk:admin/environment/custom check/php check register globals

2019-01-18T10:14:47Z

Calbasi: Created page with "I've suppressed old content because has non sense talk about set a suppressed php parameter at Debian/Ubuntu stable releases, that is php 7.0, when this parameter was suppress..."

I've suppressed old content because has non sense talk about set a suppressed php parameter at Debian/Ubuntu stable releases, that is php 7.0, when this parameter was suppressed from version 5.4+ (more than 5 years ago).
--[[User:Joan Cervan|Joan Cervan]] ([[User talk:Joan Cervan|talk]]) 10:14, 18 January 2019 (UTC)

admin/environment/custom check/php check register globals

2019-01-18T10:11:42Z

Calbasi: UPDATE: Register_globals has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0

UPDATE: Register_globals has been DEPRECATED as of PHP 5.3.0 and [http://php.net/manual/en/security.globals.php REMOVED] as of PHP 5.4.0

[[Category:Security]]

[[es:admin/environment/custom check/php check register globals]]