Roles and permissions
This page is intended to be a quick overview of the Roles functionality that was introduced in Moodle 1.7.
Previous Moodle versions had predefined, fixed roles. There was no easy way to change what a teacher, or student, for instance, could do. While fixed roles are adequate for many users, others require greater flexibility in regulating how participants see and interact with the system. With Roles, authorised users can create any number of customised roles and assign them to participants. From 1.7, an organisation can create multiple roles so that, for instance, students assigned Role A could post to forums, while students assigned Role B are prevented from posting.
A capability is a description of some particular Moodle feature. Capabilities are aggregated and controlled via roles. Stated another way, a role consists of a list of permissions for different possible actions within Moodle (eg delete discussions, add activities etc). With 1.7 it's now possible to have sophisticated yet flexible levels of control over participants and what they can or can't do.
A smooth upgrade will be provided with 1.7. The existing roles (admin, teacher, student, etc), and the existing capabilities will be automatically retained. This is done by creating default roles at site/course levels, and assigning the current users to these roles accordingly. The default roles will have default capabilities associated with them, mirroring what we have in 1.6. With no modifications, Moodle will operate exactly the same before and after the upgrade.
For more in-depth documentation on Roles, see this link.