Tenant administrator role: Difference between revisions
Paul Holden (talk | contribs) (Assigning tenant administrators.) |
m (Reworded old content) |
||
| Line 1: | Line 1: | ||
{{Workplace}} | {{Workplace}} | ||
The tenant administrator role is created automatically when [[Moodle Workplace]] is installed. This role cannot be removed, however the main admin can modify its capabilities. | |||
This role is issued automatically to users assigned as tenant administrators in a [[Multi-tenancy]] setting. To assign an administrator to a given tenant, click on the "Edit tenant" icon and select the user under "Management > Administrators". | |||
Tenant administrators can [[Capabilities/tool/tenant:browseusers|browse]], [[Capabilities/tool/tenant:manageusers|add and edit users]], and [[Capabilities/tool/tenant:managetheme|manage theme settings]] within their own tenant. They can also create and manage programs, certifications, dynamic rules, custom reports, organisation structure and certificates for their tenants and assign respective roles to other users. | |||
Some core capabilities have been included in this role, for example 'moodle/role:assign', 'moodle/site:uploadusers', 'moodle/site:viewuseridentity', 'moodle/badges:awardbadge', 'moodle/badges:viewawarded'. Even though these capabilities are defined by core, their scope has been limited in Moodle Workplace to users of the current tenant. This means, by default, the tenant administrator will not be able to view, select or assign users outside of their tenant. Examples of interfaces that have been modified: | |||
* User selector used when manually enrolling users in a course | * User selector used when manually enrolling users in a course | ||
* User selector used when assigning roles | * User selector used when assigning roles | ||
* User selector used when issuing badges | * User selector used when issuing badges | ||
Note that most core capabilities, if granted, would allow the tenant administrator to view or assign all users in the system. If a capability is not included in the default "Tenant administrator" role, it is unlikely to be multi-tenant compatible. Bear that in mind when modifying the "Tenant administrator" role. | |||
Latest revision as of 09:20, 18 January 2022
This feature is part of Moodle Workplace™, which is available through Moodle Partners only.The tenant administrator role is created automatically when Moodle Workplace is installed. This role cannot be removed, however the main admin can modify its capabilities.
This role is issued automatically to users assigned as tenant administrators in a Multi-tenancy setting. To assign an administrator to a given tenant, click on the "Edit tenant" icon and select the user under "Management > Administrators".
Tenant administrators can browse, add and edit users, and manage theme settings within their own tenant. They can also create and manage programs, certifications, dynamic rules, custom reports, organisation structure and certificates for their tenants and assign respective roles to other users.
Some core capabilities have been included in this role, for example 'moodle/role:assign', 'moodle/site:uploadusers', 'moodle/site:viewuseridentity', 'moodle/badges:awardbadge', 'moodle/badges:viewawarded'. Even though these capabilities are defined by core, their scope has been limited in Moodle Workplace to users of the current tenant. This means, by default, the tenant administrator will not be able to view, select or assign users outside of their tenant. Examples of interfaces that have been modified:
- User selector used when manually enrolling users in a course
- User selector used when assigning roles
- User selector used when issuing badges
Note that most core capabilities, if granted, would allow the tenant administrator to view or assign all users in the system. If a capability is not included in the default "Tenant administrator" role, it is unlikely to be multi-tenant compatible. Bear that in mind when modifying the "Tenant administrator" role.
