Note: You are currently viewing documentation for Moodle 4.0. Up-to-date documentation for the latest stable version of Moodle may be available here: Tenant administrator role.

Tenant administrator role

From MoodleDocs
workplacelogo.png This feature is part of Moodle Workplace™, which is available through Moodle Partners only.

The tenant administrator role is created automatically when Moodle Workplace is installed. This role cannot be removed, however the main admin can modify its capabilities.

This role is issued automatically to users assigned as tenant administrators in a Multi-tenancy setting. To assign an administrator to a given tenant, click on the "Edit tenant" icon and select the user under "Management > Administrators".

Tenant administrators can browse, add and edit users, and manage theme settings within their own tenant. They can also create and manage programs, certifications, dynamic rules, custom reports, organisation structure and certificates for their tenants and assign respective roles to other users.

Some core capabilities have been included in this role, for example 'moodle/role:assign', 'moodle/site:uploadusers', 'moodle/site:viewuseridentity', 'moodle/badges:awardbadge', 'moodle/badges:viewawarded'. Even though these capabilities are defined by core, their scope has been limited in Moodle Workplace to users of the current tenant. This means, by default, the tenant administrator will not be able to view, select or assign users outside of their tenant. Examples of interfaces that have been modified:

  • User selector used when manually enrolling users in a course
  • User selector used when assigning roles
  • User selector used when issuing badges

Note that most core capabilities, if granted, would allow the tenant administrator to view or assign all users in the system. If a capability is not included in the default "Tenant administrator" role, it is unlikely to be multi-tenant compatible. Bear that in mind when modifying the "Tenant administrator" role.