Roleassignments Class

Main page ► Managing a Moodle site ► Roles and permissions ► Assign roles

Context and roles

  • In Moodle, apart from the site administrator, users do not normally have a global, site-wide role. In other words, even though you may be a teacher offline, when you are in Moodle you could have a teacher role in the course you teach in but a student role in another course where you are studying for a diploma. There are a few exceptions but this is generally the case.
  • Because of the way Moodle works,assigning roles is done for a particular context. A site and course are examples of two different contexts. When you create a new role or tweak a pre-existing role via Administration > Site Administration > Users > Permissions > Define roles, you are asked in which context(s) you want the role to be assigned:

  • Here are some examples of contexts; how to get to the assign roles screen, and when/why you would assign roles here:

System context

  • Administration > Site Administration > Users > Permissions > Assign system roles
  • Any roles assigned here apply to the whole Moodle site. It makes sense therefore that only roles that need this functionality can be assigned here. The Manager role and Course creator role are examples of two such roles. Assigning a teacher or student here would result in their being able to teach/study in every single course on the site, which is not usually desirable.
  • If you really feel your Moodle needs to have teachers or students assigned in the system context, go to the teacher/student role in Administration > Site administration > Users > Permissions > Define roles and check the "system" box. Then search for and allow the capability moodle/course:view
Assigning system roles by CSV

Where certain custom roles are applied in the system context, it is possible to upload users to that role in bulk by adding the field sysrole1 (etc) to a CSV file.

When previewed, there is a column indicating their system role:

Once uploaded, the users are present on the 'Assign system roles' screen:

See Upload users for information on adding users to roles via CSV.

Front page context

  • Administration > Site Administration > Front Page>Users>Permissions>Assigned roles
  • Those with a role in the system context do not need to be assigned a role here as well.
  • However you might want to allow a teacher to manage items on the front page; in this instance, you would assign them the role on the Front page.

Course Category context

  • See Category enrolments
  • Users may be enrolled in the category to save enrolling them in each individual course in that category.

Course context

  • Go to Administration > Course administration > Enrolled users
  • Click the "Enrol users" button and click those users you wish to enrol

The dropdown menu at the top shows roles for which you are allowed to enrol; typically those users with lower roles than you. See Enrolled users for more details.

Block context

  • (Within the block) Administration > Assign roles
  • You may wish to assign roles to a block if, for instance you want specific people to see the block but for it to be hidden from others

Activity Module context

  • (Within the activity settings) Administration > Locally assigned roles
  • An example of this is assigning a student the teacher role locally in an individual activity like a forum so they can moderate their classmates' posts while still retaining the student role in the rest of the course.

User context

The user context is used for roles such as mentor, team leader or the Parent role. The role to be assigned must have 'User' ticked as the context type where it is to be assigned.

To assign a user the role of mentor in the context of their mentee, click the mentee's profile, then Preferences then 'Assign roles relative to this user'.

If a mentor has lots of mentees, the role of mentor can be assigned to them all in one go as follows:

  1. Put all mentees in a cohort
  2. Go to Site administration > Users > Permissions > Assign user roles to cohort

Hierarchy

By assigning a role to a user in a certain context, you grant them the permissions contained in that role for the current context and all lower contexts.

The list of contexts in hierarchical order is as follows:

  • System (no parent)
  • Front page (parent = system) -
  • Course category (parent = parent category or system)
  • Course (parent = category or system)
  • Module (parent = course or system)
  • Block (parent = course or system)
  • User (parent = system)

Roles can be inherited. For example if a user is assigned a Teacher role in a specific course category then the user will have this role in ALL courses within the category. Tip: use the override feature in a specific context for exceptions.

Roles will only work if the role assignment is made in the correct context. Some examples: a Teacher role should be assigned to a user in the course or course category context, a Forum moderator for a particular forum should be assigned in that specific forum.

Assigning someone the role of Site administrator

  • Site administrators are assigned via a special page: Administration > Site Administration > Users > Permissions > Site Administrators. Select the name from the right and move it over to the left:

  • The original (primary) administrator cannot be deleted.

Checking a user's role assignments

To check a user's role assignments go to their profile page, then under the Administration heading, click on 'Preferences'. On the Preferences page, under the 'Roles' heading click on 'This user's role assignments'.

Hidden roles

If you want to provide users with access to the course, but don't want them to be visible in the participants list, use the Other users link in the course administration menu (Administration > Course Administration > Users > Other Users). Assigning roles here provides course access, and editing rights according to the permissions set for the role assigned without actually enrolling the user in the course. This is similar to the functionality of the "hidden user" check box in previous versions of Moodle.

Note: By default, the only role which can be assigned to other users is the manager role. To enable other roles, such as teacher to be assigned, the capability moodle/course:view should be allowed for the role (see below).

Enabling teachers to assign the role of teacher

By default, teachers are only allowed to assign the roles of non-editing teacher, student and guest. To enable teachers to assign the role of teacher:

  1. Access Site Administration > Users > Permissions > Define roles.
  2. Click the tab "Allow role assignments".
  3. Click the checkbox where the teacher row and column intersect.
  4. Click the "Save changes" button.

Beware of assignments that don't make sense

There are many role assignments that do not make sense as the underlying functionality does not exist. Just because you give someone the "right" to do something does not guarantee that the interface or facility actually exists within the context that you have assigned that right. For example, you can assign a user the right to create new categories in the category context. However there is no interface within Moodle to do that (category creation is only available at the system level).

Multiple assignments

A significant part of the roles infrastructure is the ability to assign a user into multiple roles (at the same time). The capabilities of each role are merged to produce the effective set of capabilities. For example, a user could be both a Teacher and Student in the same course. You should be careful to ensure that if you change a user's role that you remove them from any other roles as required as this will no longer be done automatically.

See also

Using Moodle forum discussions:

Assign system roles screen

According to this article on MSDN:

A role consists of two parts: a role definition and a role assignment.

So that (mostly?) answers your question of what is a role. But to get into the details:

The role definition, or permission level, is the list of rights associated with the role.

So from a UI perspective, these are things like "Contribute", "Full Control", etc. If you create a new custom permission level (instructions here), you are essentially creating a new role definition.

The role assignment is what ties together the role definition (permission level) with the specific user or group, and the scope that that permission level will be applied to (i.e. site, list, folder, etc.). It gets a little complicated but it kind of works like this:

  • The role assignment holds a role definition binding that links the permission level (role definition) to a user or group.
  • The object the permissions are going to be applied to (web, list, etc.) holds the role assignment.

So again, from a UI perspective, you are working with role definitions when you are working with permission levels (Contribute, Full Control, etc.). The role definition binding and role assignments happen hand-in-hand when you assign a user or group permissions to a specific object (site, list, folder, etc.).

Hope that clears it up at least a little bit!

0 thoughts on “Roleassignments Class

Leave a Reply

Your email address will not be published. Required fields are marked *