Difference between revisions of "Tenant administrator role"

Jump to: navigation, search
(Small changes.)
Line 1: Line 1:
 
{{Workplace}}
 
{{Workplace}}
  
Tenant administrator role is created automatically when [[Moodle Workplace]] is installed. This role can not be removed, however the main admin can modify the capabilities. This role is issued automatically to the users who are set as tenant administrators in the [[Multi-tenancy]] feature.
+
The tenant administrator role is created automatically when [[Moodle Workplace]] is installed. This role can not be removed, however the main admin can modify the capabilities. This role is issued automatically to the users who are set as tenant administrators in the [[Multi-tenancy]] feature.
  
 
Such users will be able to [[Capabilities/tool/tenant:browseusers|Browse users]], [[Capabilities/tool/tenant:manageusers|Add and edit users]] and [[Capabilities/tool/tenant:managetheme|Manage theme settings]]. They can also create and manage programs, certifications, dynamic rules, custom reports, organisation structure and certificates for their tenants as well as assign the respective roles to the other users.
 
Such users will be able to [[Capabilities/tool/tenant:browseusers|Browse users]], [[Capabilities/tool/tenant:manageusers|Add and edit users]] and [[Capabilities/tool/tenant:managetheme|Manage theme settings]]. They can also create and manage programs, certifications, dynamic rules, custom reports, organisation structure and certificates for their tenants as well as assign the respective roles to the other users.
  
Some core capabilities are also included in this role, for example 'moodle/role:assign', 'moodle/site:uploadusers', 'moodle/site:viewuseridentity', 'moodle/badges:awardbadge', 'moodle/badges:viewawarded'.
+
Some core capabilities are also included in this role, for example 'moodle/role:assign', 'moodle/site:uploadusers', 'moodle/site:viewuseridentity', 'moodle/badges:awardbadge', 'moodle/badges:viewawarded'. Even though these capabilities are defined by core, the core code was modified in Moodle Workplace to limit the users the tenant administrator can view to the list of users in their own tenant. This means the tenant administrator will not be able to assign roles to users outside of their tenant, award or view awarded badges.
Even though these capabilities are defined by core, the core code was modified in Moodle Workplace package to limit the users to the list of users in the current tenant. This means the tenant administrator will not be able to assign roles to users outside of their tenant, award or view awarded badges.
 
  
It is important to remember that there are still a lot of core capabilities that, if granted, would allow the user to see or work with all users in the system. If the capability is not included in the default "Tenant administrator" role, it may not be multi-tenant. When modifying the "Tenant administrator" role it is better not to add any more capabilities to it.
+
It is important to remember that there are still a lot of core capabilities that, if granted, would allow the user to see or work with all users in the system. If the capability is not included in the default "Tenant administrator" role, it may not be multi-tenant compatible. When modifying the "Tenant administrator" role it is better not to add any more capabilities to it.

Revision as of 08:51, 20 September 2019

workplacelogo.png This feature is part of Moodle Workplace, which is available through Moodle Partners.


The tenant administrator role is created automatically when Moodle Workplace is installed. This role can not be removed, however the main admin can modify the capabilities. This role is issued automatically to the users who are set as tenant administrators in the Multi-tenancy feature.

Such users will be able to Browse users, Add and edit users and Manage theme settings. They can also create and manage programs, certifications, dynamic rules, custom reports, organisation structure and certificates for their tenants as well as assign the respective roles to the other users.

Some core capabilities are also included in this role, for example 'moodle/role:assign', 'moodle/site:uploadusers', 'moodle/site:viewuseridentity', 'moodle/badges:awardbadge', 'moodle/badges:viewawarded'. Even though these capabilities are defined by core, the core code was modified in Moodle Workplace to limit the users the tenant administrator can view to the list of users in their own tenant. This means the tenant administrator will not be able to assign roles to users outside of their tenant, award or view awarded badges.

It is important to remember that there are still a lot of core capabilities that, if granted, would allow the user to see or work with all users in the system. If the capability is not included in the default "Tenant administrator" role, it may not be multi-tenant compatible. When modifying the "Tenant administrator" role it is better not to add any more capabilities to it.