Tenant administrator role
The tenant administrator role is created automatically when Moodle Workplace is installed. This role cannot be removed, however the main admin can modify its capabilities.
This role is issued automatically to users assigned as tenant administrators in a Multi-tenancy setting. To assign an administrator to a given tenant, click on the "Edit tenant" icon and select the user under "Management > Administrators".
Tenant administrators can browse, add and edit users, and manage theme settings within their own tenant. They can also create and manage programs, certifications, dynamic rules, custom reports, organisation structure and certificates for their tenants and assign respective roles to other users.
Some core capabilities have been included in this role, for example 'moodle/role:assign', 'moodle/site:uploadusers', 'moodle/site:viewuseridentity', 'moodle/badges:awardbadge', 'moodle/badges:viewawarded'. Even though these capabilities are defined by core, their scope has been limited in Moodle Workplace to users of the current tenant. This means, by default, the tenant administrator will not be able to view, select or assign users outside of their tenant. Examples of interfaces that have been modified:
- User selector used when manually enrolling users in a course
- User selector used when assigning roles
- User selector used when issuing badges
Note that most core capabilities, if granted, would allow the tenant administrator to view or assign all users in the system. If a capability is not included in the default "Tenant administrator" role, it is unlikely to be multi-tenant compatible. Bear that in mind when modifying the "Tenant administrator" role.