Note: You are currently viewing documentation for Moodle 3.7. Up-to-date documentation for the latest stable version of Moodle may be available here: Managing roles.

Managing roles: Difference between revisions

From MoodleDocs
m (→‎Allow role to view: removing new in 3.5)
 
(117 intermediate revisions by 22 users not shown)
Line 1: Line 1:
{{Roles}}
{{Roles}}
{{Moodle 1.7}}
Managing overall role capabilities can be done by an administrator using  ''Administration > Site administration > Users > Permissions > Define roles''.   This is the place to add custom roles or modify existing roles.  The "Manage roles" tab, allows the system administrator to edit any one of over 350 different capabilities associated with any role.   The "Allow role assignments", "Allow role overrides" and "Allow role switches" contain a matrix which give the ability for a specific role to work with other specific roles.  
Moodle 1.7 allows the administrator to add or edit existing roles available on the Moodle site. This is done through the Administration block>>User>>Permission>>Define roles menu area.  Remember that Moodle comes with 7 default roles and adding and editing roles is completely optional.


==Define roles==
==Manage roles==
There are 3 tabs on the define role page.
[[Image:Roles_Define_tab.JPG|center]]


*Manage roles - The place to add and define permissions for a new role, or edit name and/or permissions associated with existing Moodle roles.
The 'Manage roles' tab contains a list of roles on your site. The edit column contains icons for editing, deleting roles and copying roles, and for moving them up or down in the list (affecting the way that roles are listed around Moodle).
*[[Allow role assignments]] - A matrix which determines which role can assign users to other roles.
*[[Allow role overrides]] - A matrix which determines which role can override a previously assigned role. The default is that only an administrator can override any role assigned by another role.


==Permissions==
[[Image:Allowroletoview.png]]
The permissions matrix allows a very granular approach to assigning rights to a role (a class of users).  Assigning or editing permissions should be done with great care.  A change can produce a profound unwanted effect, or an annoying effect that will be hard to understand the cause.


There are over 150 lines of capabilities where any of 4 different permissions can be assigned. The capabilities are grouped in 21 catagories. We strongly recommend not to change the LEGACY roles. Here is the top of the list.
To edit a role:
#Go to ''Administration > Site administration > Users > Permissions > Define roles''.
#Click the edit icon opposite the role you want to edit. For example "student".
#On the editing role page, change permissions as required for each capability.
#Scroll to the bottom of the page and click the "Save changes" button.


[[Image:Roles_Define_Permissions_crop.JPG|center]]
See [[Creating custom roles]] for information about adding a new role and creating a duplicate role.


===Permission terms===
==Role name localisation==
From lowest to highest, from general to specific.


*Inherit - pass along from before [lowest level, always loses]
If a standard role name or description is empty Moodle uses a default string from the current language pack. Custom roles can be customised using multilang syntax.
*Allow - let happen or permit [same level as prevent]
*Prevent - stop [same level as allow]
*Prohibit - forbid {highest level, always wins]


===Permission examples===
You may also override the role names separately in each course.
'''Inherit''': if no permission is defined, then the capability permission is inherited from a context that is more general than the current context.  


'''Allow and prevent''' will cancel each other out if set for the same capability at the same context level. If this happens, we refer to the previous context level to determine the permission for the capability.
==Resetting a role==


'''Prohibit''': If we set prohibit on a capability, it means that the capability cannot be overridden. Prohibit always wins and creates a permenant stop.  
To reset a role back to the default permissions:
#Go to ''Administration > Site administration > Users > Permissions > Define roles''.
#Click on the name of the role, for example "student".
#Click the 'Reset' button.


Since the capabilities in each role could be different and participants can be assigned different roles, there could be a conflict in capabilities. The hierarchy of permissions resolves this by saying that the capability defined for a more specific context will win, unless an prohibit is encountered in a less specific context.  
Note that if you have students who have been given extra permissions at course and/or activity levels (such as forum ratings), then they will no longer be able to do this once the role has been reset to its default. A teacher would need to go back and set up these extra permissions in the course/activity levels again.


Example 1. Mark has a student role in Course One, which allows  all students to write into the wikis "Everyone" and "Homework".  But Mark also got assigned a Visitor role at a module context level (for the wiki "Honors") and Visitors are prevented writing in the Honors wiki.  Thus Mark can write into the "Everyone" and "Homework" wikis but not in "Honors".
==Allow role assignments==


Example 2.Jeff has been assigned to a "naughty student" role that prohibits him from postings in any forums for the whole site. However his teacher assigned him a "facilitator" role in "Science forum" in the course Science and Math 101. Since a higher context prohibit permission always wins, Jeff is unable to post in "Science forum".
The "Allow role assignments" tab allows (or does not allow) a specific role to be able to assign specific roles to a user.


==Examples of roles==
Why would a site want different roles?  Consider
{|  border="0" cellpadding="2"
!width="200"|
!width="200"|
!width="200"|
|-
||*Site Designers||*Educational Authority Adviser||*Educational Inspector||
|-
||*Second Marker / Moderator||*Peer observer of teaching||*External Examiner
|-
||*Parent||*Manager||*Weekly Seminar Leader
|-
||*Mentor/Mentee||*Community-Designed Rating Criteria||*Visitor
|-
||*Guest Speaker||*Former Student||*Alumnus
|-
||*Librarian||*Teacher||*Community Education Tutors/Trainers
|-
||*Secretary/Student Worker||*Teaching Assistant||*Student - FERPA rights
|-
||*Help Desk|| ||
|}


==Enrolling existing students in a course ==
===Enabling teachers to assign other teachers===
In 1.7, enrolling students in a course is done by the roles section.  Go to the course, in the [[Administration block]], click Assign Roles, when the new page opens, click on Students and you will be presented with a screen that lists most Moodle users. This is similar to previous versions of Moodle.  Select the student on the right and add them to the course list on the left. 
By default, teachers can only assign other users the roles of non-editing teachers, students and guests. If you want teachers to be able to assign other teachers in their course, you can allow the role assignment:


If the student is not on the Moodle list, they will need to be created or added to the Moodle user list, also found under the roles section.
#Click on ''Administration > Site administration > Users > Permissions > Define roles''.
#Click the Allow role assignments tab.
#Click the checkbox where the teacher row and column intersect.
#Click the "Save changes" button.


==Basic concept definitions==
==Allow role overrides==
The "Allow role overrides" tab allows (or does not allow) a specific role to be able to override specific roles for a user.  For example, it might allow a teacher role to override a student's role to a non-editing teacher's role.


*A '''role''' is an identifier of the user's status in some context. For example, teacher, student and forum moderator are examples of roles.
:Note that the settings only apply to roles that have the capabilities [[Capabilities/moodle/role:override|moodle/role:override]] or [[Capabilities/moodle/role:safeoverride|moodle/role:safeoverride]] allowed.
*A '''capability''' is a description of some particular Moodle feature. Capabilities are associated with roles. For example, being able to reply to a forum post is a capability.
*A '''permission''' is some value that is assigned for a capability for a particular role. For example, using the prevent permission to limit all students from posting to any forum.
*A '''context''' is a "space" in the Moodle, such as courses, activity modules, blocks, forums etc.
*A '''hierarchy of permissions''' determines which permission wins or is going to be in effect if there is an apparent conflict.  For example, the site allow all students the permission to  to post in forums, but a teacher might prevent that right in a particular course.  The hieracary of permissions would allow a student to post in one course but not in another course.


[[Category: Administrator]]
==Allow role switches==
[[Category:Roles]]
The "Allow role switches" tab allows (or does not allow) a specific role to be able to temporarily change their role to another specific role.  For example, this might allow a users assigned to a custom role in a course to see "Student" in the Settings > Switch role list. 
:Note: the selected role must also have the moodle/role:switchroles capability to be able to switch.


[[fr:Définir les rôles]]
==Allow role to view==
 
This setting allows the administrator to decide which roles users can see, search and filter by, according to their existing role.
 
==Roles capabilities==
 
*[[Capabilities/moodle/role:manage|Create and manage roles]]
*[[Capabilities/moodle/role:assign|Assign roles to users]]
*[[Capabilities/moodle/role:switchroles|Switch to other roles]]
 
[[Category:Site administration]]
 
[[es:Gestionar_roles]]
[[eu:Rolak_kudeatu]]
[[fr:Gestion des rôles]]
[[ja:ロールの管理]]
[[de:Rollen verwalten]]

Latest revision as of 07:57, 4 June 2019


Managing overall role capabilities can be done by an administrator using Administration > Site administration > Users > Permissions > Define roles. This is the place to add custom roles or modify existing roles. The "Manage roles" tab, allows the system administrator to edit any one of over 350 different capabilities associated with any role. The "Allow role assignments", "Allow role overrides" and "Allow role switches" contain a matrix which give the ability for a specific role to work with other specific roles.

Manage roles

The 'Manage roles' tab contains a list of roles on your site. The edit column contains icons for editing, deleting roles and copying roles, and for moving them up or down in the list (affecting the way that roles are listed around Moodle).

Allowroletoview.png

To edit a role:

  1. Go to Administration > Site administration > Users > Permissions > Define roles.
  2. Click the edit icon opposite the role you want to edit. For example "student".
  3. On the editing role page, change permissions as required for each capability.
  4. Scroll to the bottom of the page and click the "Save changes" button.

See Creating custom roles for information about adding a new role and creating a duplicate role.

Role name localisation

If a standard role name or description is empty Moodle uses a default string from the current language pack. Custom roles can be customised using multilang syntax.

You may also override the role names separately in each course.

Resetting a role

To reset a role back to the default permissions:

  1. Go to Administration > Site administration > Users > Permissions > Define roles.
  2. Click on the name of the role, for example "student".
  3. Click the 'Reset' button.

Note that if you have students who have been given extra permissions at course and/or activity levels (such as forum ratings), then they will no longer be able to do this once the role has been reset to its default. A teacher would need to go back and set up these extra permissions in the course/activity levels again.

Allow role assignments

The "Allow role assignments" tab allows (or does not allow) a specific role to be able to assign specific roles to a user.


Enabling teachers to assign other teachers

By default, teachers can only assign other users the roles of non-editing teachers, students and guests. If you want teachers to be able to assign other teachers in their course, you can allow the role assignment:

  1. Click on Administration > Site administration > Users > Permissions > Define roles.
  2. Click the Allow role assignments tab.
  3. Click the checkbox where the teacher row and column intersect.
  4. Click the "Save changes" button.

Allow role overrides

The "Allow role overrides" tab allows (or does not allow) a specific role to be able to override specific roles for a user. For example, it might allow a teacher role to override a student's role to a non-editing teacher's role.

Note that the settings only apply to roles that have the capabilities moodle/role:override or moodle/role:safeoverride allowed.

Allow role switches

The "Allow role switches" tab allows (or does not allow) a specific role to be able to temporarily change their role to another specific role. For example, this might allow a users assigned to a custom role in a course to see "Student" in the Settings > Switch role list.

Note: the selected role must also have the moodle/role:switchroles capability to be able to switch.

Allow role to view

This setting allows the administrator to decide which roles users can see, search and filter by, according to their existing role.

Roles capabilities