Security report on default user role: Difference between revisions
| Line 1: | Line 1: | ||
{{Security overview report}} | {{Security overview report}} | ||
==Default role for all users== | ==Default role for all users== | ||
In general the default role for all users should be set to authenticated user. Normally all permissions for the role of authenticated user should be left as default. | In general the default role for all users should be set to authenticated user. Normally all permissions for the role of authenticated user should be left as default. | ||
==Default user role is incorrectly defined== | |||
If the security overview report shows the default role for all users with status 'Critical' and states that 'The default user role "Authenticated user" is incorrectly defined!' it means that one or more risky capabilities are allowed for the role. | |||
This could also refer to a bug in Moodle. Check the ''tool/dataprivacy:requestdeleteforotheruser'' capablity in the Authenticated User role. This setting now defaults to "Not Set". If the Authenticated User role on your site has this capability set to the default "Not Set" then no further action is required. See the '''MDL-67852: Security overview report shows critical warning for "Default role for all users" with default requestdelete config''' Tracker issue and the following Using Moodle Forum discussions: | |||
* [https://moodle.org/mod/forum/discuss.php?d=387143 <nowiki>Security overview]</nowiki>] | |||
* [https://moodle.org/mod/forum/discuss.php?d=403379 Security checks and Default role for all users] | |||
==Reviewing authenticated user role permissions== | ==Reviewing authenticated user role permissions== | ||
The permissions for the role of authenticated user can be reviewed as follows: | The permissions for the role of authenticated user can be reviewed as follows: | ||
# Go to ''Administration > Site administration > Users > Permissions > Define roles'' | # Go to ''Administration > Site administration > Users > Permissions > Define roles'' | ||
# In the role column, click the link 'Authenticated user' | # In the role column, click the link 'Authenticated user' | ||
# Browse the permissions column | # Browse the permissions column | ||
If there is no reason for changing permissions from default, then the role can be reset by clicking the Reset button at the top of the page. | If there is no reason for changing permissions from default, then the role can be reset by clicking the Reset button at the top of the page. | ||
| Line 21: | Line 20: | ||
After resetting the authenticated user role, the security overview report will show the default role for all users with status OK. | After resetting the authenticated user role, the security overview report will show the default role for all users with status OK. | ||
==See also== | ==See also== | ||
* Using Moodle [http://moodle.org/mod/forum/view.php?id=7301 Security and Privacy forum] | * Using Moodle [http://moodle.org/mod/forum/view.php?id=7301 Security and Privacy forum] | ||
* Using Moodle [https://moodle.org/mod/forum/discuss.php?d=387143 Security overview] discussion | * Using Moodle [https://moodle.org/mod/forum/discuss.php?d=387143 Security overview] discussion | ||
[[es:Reporte de seguridad sobre rol del usuario por defecto]] | [[es:Reporte de seguridad sobre rol del usuario por defecto]] | ||
Revision as of 11:15, 24 October 2022
Default role for all users
In general the default role for all users should be set to authenticated user. Normally all permissions for the role of authenticated user should be left as default.
Default user role is incorrectly defined
If the security overview report shows the default role for all users with status 'Critical' and states that 'The default user role "Authenticated user" is incorrectly defined!' it means that one or more risky capabilities are allowed for the role.
This could also refer to a bug in Moodle. Check the tool/dataprivacy:requestdeleteforotheruser capablity in the Authenticated User role. This setting now defaults to "Not Set". If the Authenticated User role on your site has this capability set to the default "Not Set" then no further action is required. See the MDL-67852: Security overview report shows critical warning for "Default role for all users" with default requestdelete config Tracker issue and the following Using Moodle Forum discussions:
Reviewing authenticated user role permissions
The permissions for the role of authenticated user can be reviewed as follows:
- Go to Administration > Site administration > Users > Permissions > Define roles
- In the role column, click the link 'Authenticated user'
- Browse the permissions column
If there is no reason for changing permissions from default, then the role can be reset by clicking the Reset button at the top of the page.
After resetting the authenticated user role, the security overview report will show the default role for all users with status OK.
See also
- Using Moodle Security and Privacy forum
- Using Moodle Security overview discussion
