If you want to create a new page for developers, you should create it on the Moodle Developer Resource site.

Enrolment usage overview

From MoodleDocs

Moodle 2.0


There is a lot of confusion related to guest access, enrolment of users, unenrolment, expiration, etc. This page is trying to sum up the usage of enrolments and guest access in various parts of Moodle.


All enrolled users enrolled in a course have record in user_enrolments table. The original moodle/course:view is reset during 2.0 upgrade and all data is migrated to this new enrolment table.
guest user
Local user account with username guest, for performance reasons guest id is cached in $CFG, guest is never returned from get_users_by_capability() or get_enrolled_users(), all write and dangerous capabilities are blocked in has_capability().
Users with moodle/course:view at course or higher level may access course without enrolment or guest access. These users are not visible inside course unless they post or do other visible action.
course guest access
Those are users that are not enrolled or just viewing, but still somehow get through the require_login($course). The enrolment plugins are supposed to grant this temporary guest access, usually at the same time the user is temporarily given some guest role.
Administrators do not have any role assigned any more, instead list of administrators is stored in CFG variable. Administrators are not returned from any accesslib queries, the only function explicitly dealing with administrators is the has_capability(), it always returns true for administrators. This is the reason why all activities that are not combined with enrolment status must have positive meaning.
manager access
Users with redefined moodle/course:view capability may access course they are not enrolled in. These users may have any capability, but they can not truely participate in courses, be members of groups, be graded, etc. This is partially equivalent to previous hidden role assignments.

Core API

returns list of userids that are already enrolled (everybody on frontpage) optionally with some capability
return the sql select used in get_enrolled_users()
returns true for guest user account and users with temporary guest access
return true only for the real guest account (username==guest)
returns true for all site admins
returns true if user has capability, if $doanything==true used returns true for all admins
the same as in 1.9
returns true if user enrolled, on frontpage true for everybody
returns true if user administrator or has moodle/course:view capability

Core usage

Group membership

Only enrolled users may be members of groups. In 1.9 and earlier we only guess by looking at roles that have moodle/course:view which is not hidden, this may actually return incorrect results if overrides are used. All group membership is removed when un-enrolling from course.


We keep only grades of enrolled users. Gradebook shows only enrolled users that have the gradebook role. In future it could be controlled by a special capability instead, this was not possible in 1.9 for performance reasons.

Anybody with capability may grade or manage gradebook.

Logs and reports

In some cases we want to see only enrolled users, in others we want to see really all users. This should be decided by a new capability.

User profiles

Only enrolled user have course profile page that can be accessed by other users. Users that have one of $CFG->coursemanager roles have profile on site level because we want them to be clickable on course description page. (This was originally controlled by isteacherinanycourse() which was both deprecated and incorrect.)

Profile displays also user roles in course, the list of roles is the same as on the profile page.

Participation page

Participants page displays only enrolled users (with moodle/course:participate capability). It shows only limited number of roles specified in the $CFG->profileroles setting.


There is an ongoing discussion about limiting of communication to Teacher-Student only, I do not think we should restrict this - they may use modules like Consultation or Dialog instead. In any case the current messaging needs a lot more work both on performance and usability.


Comments can be controlled by capability.


Ratings can be controlled by capability.



Only enrolled user with submit capability may submit.

Users with capability may grade.


Users with capability may chat.


Enrolled users with capability may make a choice. In theory there could be a setting to require capability only.

The enrolment is important especially when there is a limited number of slots or when we want to display list of users that did not make a choice yet.



  • Enrolled users with capability only
  • Users with capability
  • All users including guest (non standard feature disabled by default for security reasons)


Anybody with capability may post. Enrolled users may get notifications via email or track new posts.


Anybody with capability may post.


Anybody with capability may try it, grades are recorded only for enrolled.


Anybody with capability could try it. Only enrolled with capability are displayed as those that did not pass grade yet. Only grades of enrolled are passed to gradebook.


Anybody with capability may try it.


Only enrolled with capability may answer it.


Anybody with capability may edit.


Only enrolled with capabilities may participate.


Online users

We need separate capability to see all or enrolled users.

See also