Tenant administrator role: Difference between revisions
No edit summary |
Paul Holden (talk | contribs) (Small changes.) |
||
Line 1: | Line 1: | ||
{{Workplace}} | {{Workplace}} | ||
The tenant administrator role is created automatically when [[Moodle Workplace]] is installed. This role can not be removed, however the main admin can modify the capabilities. This role is issued automatically to the users who are set as tenant administrators in the [[Multi-tenancy]] feature. | |||
Such users will be able to [[Capabilities/tool/tenant:browseusers|Browse users]], [[Capabilities/tool/tenant:manageusers|Add and edit users]] and [[Capabilities/tool/tenant:managetheme|Manage theme settings]]. They can also create and manage programs, certifications, dynamic rules, custom reports, organisation structure and certificates for their tenants as well as assign the respective roles to the other users. | Such users will be able to [[Capabilities/tool/tenant:browseusers|Browse users]], [[Capabilities/tool/tenant:manageusers|Add and edit users]] and [[Capabilities/tool/tenant:managetheme|Manage theme settings]]. They can also create and manage programs, certifications, dynamic rules, custom reports, organisation structure and certificates for their tenants as well as assign the respective roles to the other users. | ||
Some core capabilities are also included in this role, for example 'moodle/role:assign', 'moodle/site:uploadusers', 'moodle/site:viewuseridentity', 'moodle/badges:awardbadge', 'moodle/badges:viewawarded'. | Some core capabilities are also included in this role, for example 'moodle/role:assign', 'moodle/site:uploadusers', 'moodle/site:viewuseridentity', 'moodle/badges:awardbadge', 'moodle/badges:viewawarded'. Even though these capabilities are defined by core, the core code was modified in Moodle Workplace to limit the users the tenant administrator can view to the list of users in their own tenant. This means the tenant administrator will not be able to assign roles to users outside of their tenant, award or view awarded badges. | ||
Even though these capabilities are defined by core, the core code was modified in Moodle Workplace | |||
It is important to remember that there are still a lot of core capabilities that, if granted, would allow the user to see or work with all users in the system. If the capability is not included in the default "Tenant administrator" role, it may not be multi-tenant. When modifying the "Tenant administrator" role it is better not to add any more capabilities to it. | It is important to remember that there are still a lot of core capabilities that, if granted, would allow the user to see or work with all users in the system. If the capability is not included in the default "Tenant administrator" role, it may not be multi-tenant compatible. When modifying the "Tenant administrator" role it is better not to add any more capabilities to it. |
Revision as of 08:51, 20 September 2019
The tenant administrator role is created automatically when Moodle Workplace is installed. This role can not be removed, however the main admin can modify the capabilities. This role is issued automatically to the users who are set as tenant administrators in the Multi-tenancy feature.
Such users will be able to Browse users, Add and edit users and Manage theme settings. They can also create and manage programs, certifications, dynamic rules, custom reports, organisation structure and certificates for their tenants as well as assign the respective roles to the other users.
Some core capabilities are also included in this role, for example 'moodle/role:assign', 'moodle/site:uploadusers', 'moodle/site:viewuseridentity', 'moodle/badges:awardbadge', 'moodle/badges:viewawarded'. Even though these capabilities are defined by core, the core code was modified in Moodle Workplace to limit the users the tenant administrator can view to the list of users in their own tenant. This means the tenant administrator will not be able to assign roles to users outside of their tenant, award or view awarded badges.
It is important to remember that there are still a lot of core capabilities that, if granted, would allow the user to see or work with all users in the system. If the capability is not included in the default "Tenant administrator" role, it may not be multi-tenant compatible. When modifying the "Tenant administrator" role it is better not to add any more capabilities to it.