Note: You are currently viewing documentation for Moodle 3.7. Up-to-date documentation for the latest stable version of Moodle may be available here: Managing roles.

Managing roles

From MoodleDocs
Revision as of 16:39, 4 March 2007 by Helen Foster (talk | contribs) (adding a new role, legacy capabilities)
Main pageManaging a Moodle siteRoles and permissionsManaging roles
Roles and permissions


Template:Moodle 1.7

Location: Administration > Users > Permissions > Define roles

From Moodle 1.7 onwards administrators may choose to add or edit user roles.

Basic concept definitions

  • A role is an identifier of the user's status in some context. For example, teacher, student and forum moderator are examples of roles.
  • A capability is a description of some particular Moodle feature. Capabilities are associated with roles. For example, being able to reply to a forum post is a capability.
  • A permission is some value that is assigned for a capability for a particular role. For example, using the prevent permission to limit all students from posting to any forum.
  • A context is a "space" in the Moodle, such as courses, activity modules, blocks, forums etc.
  • A hierarchy of permissions determines which permission wins or is going to be in effect if there is an apparent conflict. For example, the site allow all students the permission to to post in forums, but a teacher might prevent that right in a particular course. The hierarchy of permissions would allow a student to post in one course but not in another course.

Permissions

The permissions matrix allows a very granular approach to assigning rights to a role (a class of users). Assigning or editing permissions should be done with great care. A change can produce a profound unwanted effect, or an annoying effect that will be hard to understand the cause.

There are over 150 lines of capabilities where any of 4 different permissions can be assigned. The capabilities are grouped in 21 categories.

File:Roles Define Permissions crop.JPG
Top of the permissions table

Permission terms

From lowest to highest, from general to specific.

  • Inherit - pass along from before [lowest level, always loses]
  • Allow - let happen or permit [same level as prevent]
  • Prevent - stop [same level as allow]
  • Prohibit - forbid {highest level, always wins]

Permission examples

Inherit: if no permission is defined, then the capability permission is inherited from a context that is more general than the current context.

Allow and prevent will cancel each other out if set for the same capability at the same context level. If this happens, we refer to the previous context level to determine the permission for the capability.

Prohibit: If we set prohibit on a capability, it means that the capability cannot be overridden. Prohibit always wins and creates a permanent stop.

Since the capabilities in each role could be different and participants can be assigned different roles, there could be a conflict in capabilities. The hierarchy of permissions resolves this by saying that the capability defined for a more specific context will win, unless an prohibit is encountered in a less specific context.

Example 1. Mark has a student role in Course One, which allows all students to write into the wikis "Everyone" and "Homework". But Mark also got assigned a Visitor role at a module context level (for the wiki "Honors") and Visitors are prevented writing in the Honors wiki. Thus Mark can write into the "Everyone" and "Homework" wikis but not in "Honors".

Example 2.Jeff has been assigned to a "naughty student" role that prohibits him from postings in any forums for the whole site. However his teacher assigned him a "facilitator" role in "Science forum" in the course Science and Math 101. Since a higher context prohibit permission always wins, Jeff is unable to post in "Science forum".

Examples of roles

Why would a site want different roles? Consider the following:

Site Designers, Educational Authority Adviser, Educational Inspector, Second Marker / Moderator, Peer observer of teaching, External Examiner, Parent, Manager, Weekly Seminar Leader, Mentor/Mentee, Community-Designed Rating Criteria, Visitor, Guest Speaker, Former Student, Alumnus, Librarian, Teacher, Community Education Tutors/Trainers, Secretary/Student Worker, Teaching Assistant, Student - FERPA rights, Help Desk

Adding a new role

  • A role must have a name. If you need to name the role for multiple languages you can use multi-lang syntax if you wish, such as <span lang="en">Teacher</span> <span lang="es_es">Profesor</span>. If you do this make sure the setting to "filter strings" is on for your installation.
  • The shortname is necessary for other plugins in Moodle that may need to refer to your Roles (e.g. when uploading users from a file or setting enrolments via an enrolment plugin).
  • The description is simply to describe the role in your own words, so that everyone has a common understanding about the role.

Testing a new role

It is necessary to log out then log in again to test a new role. Do not use "Login As" to check the new settings; use some dummy accounts instead.

Legacy capabilities

  • Legacy capabilities were implemented for backward compatibility.
  • Allowing a legacy capability does NOT provide a new role with all capabilities of a pre-Moodle 1.7 role.
  • Note: It is not necessary to to allow any legacy capabilities unless using old 3rd party code that was not designed for Moodle 1.7 and doesn't yet support roles.

See also

Retrieved from "https://docs.moodle.org/37/en/index.php?title=Managing_roles&oldid=21069"
Powered by MediaWiki