Note: You are currently viewing documentation for Moodle 3.2. Up-to-date documentation for the latest stable version of Moodle is probably available here: Roles FAQ.
Pasting in a new version of one of the FAQ to see if it is correct before adding to main page:
Can you give me some examples about permissions?
When you logged into the site you were given the system role of Authenticated User. You are also enrolled in a course and given the student role. Let's look at a single capability called X to see how permissions work.
In the example below we are just talking about the permissions for a single capability in the course role of a Student and the system role of Authenticated user for 1 user.
- If Student (at course level) is Prevent, and Student (at site level) is Allow then you are NOT allowed to do X
- If Student (at course level) is Prevent , and Authenticated user (at site level) is Allow, then you are NOT allowed to do X.
- If Student (at course level) is Allow, and Authenticated user (at site level) is Prevent, then you ARE allowed to do X.
- If Student (at course level) is Prohibit, and Authenticated user is Allow, then you are NOT allowed to do X.
- If Student (at course level) is Allow, and Authenticated user is Prohibit, then you are NOT allowed to do X.
This is wrong. (It would have been right in 1.9.) My best effort to explain this is in the "Permission Aggregation" section of http://www.aosabook.org/en/moodle.html. You probably need to start reading at the "13.2. Moodle's Roles and Permissions System" heading.--Tim Hunt 23:04, 9 January 2013 (WST)
Thanks for the link -I am going to read it now --Mary Cooch 00:51, 10 January 2013 (WST)
How can I prevent a user from changing their own password?
(With regard to this forum discussion: https://moodle.org/mod/forum/discuss.php?d=357360) I changed 'Prevent' to 'Prohibit'. There might be other sections which are similarly affected. I don't know why 'Prevent' doesn't work anymore to override the 'authenticated user' role. It should, so that you can override the custom role further down the hierarchy at category or course level. Frank Black