Roles and permissions
This page is intended to be a quick overview of the Roles functionality that was introduced in Moodle 1.7.
Previous Moodle versions had predefined, fixed roles. There was no easy way to change what a teacher, or student, for instance, could do. While fixed roles are adequate for many users, others require greater flexibility in regulating how users see and interact with the system.
With Roles, authorised users can create any number of customised roles and assign them to users. From 1.7, an organisation can create multiple roles so that, for instance, students assigned Role A could post to forums, while students assigned Role B are prevented from posting.
- A role is an identifier of the user's status in some context. For example, teacher, student and fourm moderator are examples of roles.
- A capability is a description of some particular Moodle feature. Capabilities are associated with roles. For example, mod/forum:replypost is a capability.
- A permission is some value that is assigned for a capability for a particular role. For example, allow or prevent.
- A context is a "space" in the Moodle, such as courses, activity modules, blocks etc.
Capabilities are aggregated and controlled via roles. Stated another way, a role consists of a list of capabilities for different possible actions within Moodle (eg delete discussions, add activities etc). With 1.7 it's now possible to have sophisticated yet flexible levels of control over participants and what they can or can't do.
A smooth upgrade will be provided with 1.7. The existing roles (admin, teacher, student, etc), and the existing capabilities will be automatically retained. This is done by creating default roles at site/course levels, and assigning the current users to these roles accordingly. The default roles will have default capabilities associated with them, mirroring what we have in 1.6. With no modifications, Moodle will operate exactly the same before and after the upgrade.
For more in-depth documentation on Roles, see this link.