Managing roles: Difference between revisions
Helen Foster (talk | contribs) (→See also: link added) |
Helen Foster (talk | contribs) (→Example roles: link added) |
||
| Line 70: | Line 70: | ||
==Example roles== | ==Example roles== | ||
*[[Inspector role|Inspector]] | *[[Inspector role|Inspector]] - for providing external inspectors with permission to view all courses (without being required to enrol) | ||
*[[Parent role|Parent]] | |||
==See also== | ==See also== | ||
Revision as of 19:02, 17 March 2007
Location: Administration > Users > Permissions > Define roles
From Moodle 1.7 onwards administrators may choose to add or edit roles.
Predefined roles
Moodle comes with 7 predefined roles:
- Administrator
- Course creator
- Teacher
- Non-editing teacher
- Student
- Guest
- Authenticated user (1.8)
Each role may be edited via the link next to its name. Template:Moodle 1.8 Role permissions may be reset or a duplicate role created using the buttons at the top of the View role details page (from Moodle 1.8 onwards).
Permissions
The permissions matrix allows a very granular approach to assigning rights to a role (a class of users). Assigning or editing permissions should be done with great care. A change can produce a profound unwanted effect, or an annoying effect that will be hard to understand the cause.
There are over 150 lines of capabilities where any of 4 different permissions can be assigned. The capabilities are grouped in 21 categories.
The permissions for each of the pre-defined roles are shown with a grey background (from Moodle 1.8 onwards).
Permission terms
From lowest to highest, from general to specific.
- Inherit - pass along from before [lowest level, always loses]
- Allow - let happen or permit [same level as prevent]
- Prevent - stop [same level as allow]
- Prohibit - forbid [highest level, always wins]
Permission examples
Inherit: if no permission is defined, then the capability permission is inherited from a context that is more general than the current context.
Allow and prevent will cancel each other out if set for the same capability at the same context level. If this happens, we refer to the previous context level to determine the permission for the capability.
Prohibit: If we set prohibit on a capability, it means that the capability cannot be overridden. Prohibit always wins and creates a permanent stop.
Since the capabilities in each role could be different and participants can be assigned different roles, there could be a conflict in capabilities. The hierarchy of permissions resolves this by saying that the capability defined for a more specific context will win, unless an prohibit is encountered in a less specific context.
Example 1. Mark has a student role in Course One, which allows all students to write into the wikis "Everyone" and "Homework". But Mark also got assigned a Visitor role at a module context level (for the wiki "Honors") and Visitors are prevented writing in the Honors wiki. Thus Mark can write into the "Everyone" and "Homework" wikis but not in "Honors".
Example 2. Jeff has been assigned to a "naughty student" role that prohibits him from postings in any forums for the whole site. However his teacher assigned him a "facilitator" role in "Science forum" in the course Science and Math 101. Since a higher context prohibit permission always wins, Jeff is unable to post in "Science forum".
Legacy capabilities
- Legacy capabilities were implemented for backward compatibility.
- Allowing a legacy capability does NOT provide a new role with all capabilities of a pre-Moodle 1.7 role.
- It is not necessary to to allow any legacy capabilities unless using old 3rd party code that was not designed for Moodle 1.7 and doesn't yet support roles.
Adding a new role
- Give the role an appropriate name. If you need to name the role for multiple languages you can use multi-lang syntax if you wish, such as
<span lang="en" class="multilang">Teacher</span> <span lang="es_es" class="multilang">Profesor</span>. If multi-lang syntax is used then Filter all strings should be set in Filter settings. - Give the role a meaningful short name. The short name is necessary for other plugins in Moodle that may need to refer to the role (e.g. when uploading users from a file or setting enrolments via an enrolment plugin).
- Optional: Give the role a description so that everyone has a common understanding of it.
Testing a new role
- Create test user and assign new role to them.
- Either logout as admin and then login as test user or use a different browser to login as test user.
Example roles
- Inspector - for providing external inspectors with permission to view all courses (without being required to enrol)
- Parent
See also
- The capability moodle/role:manage
- Using Moodle Create a Parent of a student role forum discussion
- Using Moodle What happens if a user has multiple roles in a course? forum discussion
