Hi,
I just realised that a user can have multiple roles in a course - he was supposed to be a tutor but was also a student. Now, I had overwritten the student role for a forum, which worked fine, but him being a tutor was ignored on that forum i.e. he was treated as a student by moodle.
Now, what is the benefit of allowing multiple roles per user in a course? How does moodle evalute the permissions when this happens? (the more restrictive role, for example?)
Thanks, Michael
In reply to Michael Schwab
Re: What happens if a user has multiple roles in a course?Mo
by Yu Zhang -
Hi Michael,
The roles system is designed to handle multiple roles. Basic resolving at the same context level (say a student role and teacher role assigned to a user in a course) are resolved by summing sum the permissions (inherit = 0, allow = 1, prevent = -1, prohibit = -1000). So when you have both a student role and a teacher's role in a course, your overall capabilities will be that of a teacher. There are many advantages of that, for example if you have a student role and a moderator role assigned at the same course, you will have the ability to moderate forums.
However, capabilities assigned at a lower context level will always override a higher context level, for instance if you have a student role assigned in the course, and a forum moderator role assigned at a forum, and the moderator role has some capabilities that conflicts with your basic student role in the course, your forum moderator role would win. The only exception is if you set anything to prohibit in a higher context, it will get passed down to lower contexts. The basic calculation is
c1 * 100 + c2,
c1 being the contextlevel in which you are assigned a role, c2 being the contextlevel where you have an override for that role. In your case, you have an override for student in a forum, it would work out to be 50*100+70 = 5070. You teacher role would have a sum of 50* 100 = 5000, so the capability of student override, being 5070, will win.
You can either
1) remove him from student role in the course, or
2) add overrides for teacher's role in the forum, or
3) assign him a teacher's role in the forum (gives you a level of 70*100 = 7000)
Cheers,
Yu
The roles system is designed to handle multiple roles. Basic resolving at the same context level (say a student role and teacher role assigned to a user in a course) are resolved by summing sum the permissions (inherit = 0, allow = 1, prevent = -1, prohibit = -1000). So when you have both a student role and a teacher's role in a course, your overall capabilities will be that of a teacher. There are many advantages of that, for example if you have a student role and a moderator role assigned at the same course, you will have the ability to moderate forums.
However, capabilities assigned at a lower context level will always override a higher context level, for instance if you have a student role assigned in the course, and a forum moderator role assigned at a forum, and the moderator role has some capabilities that conflicts with your basic student role in the course, your forum moderator role would win. The only exception is if you set anything to prohibit in a higher context, it will get passed down to lower contexts. The basic calculation is
c1 * 100 + c2,
c1 being the contextlevel in which you are assigned a role, c2 being the contextlevel where you have an override for that role. In your case, you have an override for student in a forum, it would work out to be 50*100+70 = 5070. You teacher role would have a sum of 50* 100 = 5000, so the capability of student override, being 5070, will win.
You can either
1) remove him from student role in the course, or
2) add overrides for teacher's role in the forum, or
3) assign him a teacher's role in the forum (gives you a level of 70*100 = 7000)
Cheers,
Yu
In reply to Yu Zhang
Re: What happens if a user has multiple roles in a course?Mo
by Michael Schwab -
Dear Yu,
thank you very much for this very clear and instructive answer. I am almost understanding this now
Michael
thank you very much for this very clear and instructive answer. I am almost understanding this now
Michael
Are there things that a student can do that a teacher cannot? I ask this because I am not sure what the point is of making a user both teacher and student in a course, if being a teacher would automatically give him/her the permissions needed to function as a student. Thanks, Joe
In reply to Joe Peacock
Re: What happens if a user has multiple roles in a course?Mo
by Helen Foster -
Hi Joe,
There is no point in assigning both the roles of teacher and student in the course context, however you could assign the role of student in the course context and assign the role of teacher in a module context. For example, you could give a student forum moderator abilities by assigning them the role of teacher in the forum.
There is no point in assigning both the roles of teacher and student in the course context, however you could assign the role of student in the course context and assign the role of teacher in a module context. For example, you could give a student forum moderator abilities by assigning them the role of teacher in the forum.
In reply to Helen Foster
Re: What happens if a user has multiple roles in a course?Mo
by Joe Peacock -
Helen,
Thanks so much for your reply! I know it sounds crazy to make someone both a student and a teacher in a course. My idea was, as a way of getting our teachers to starting working in the Moodle system, to create a class in which they would each create resources in which they would talk about themselves (say a little about their background, interests, whatever) and also create an "assignment" or quiz or something that other teachers would take. Perhaps there is another way to do this other than making them all both teachers and students? Thanks for any help.
Thanks so much for your reply! I know it sounds crazy to make someone both a student and a teacher in a course. My idea was, as a way of getting our teachers to starting working in the Moodle system, to create a class in which they would each create resources in which they would talk about themselves (say a little about their background, interests, whatever) and also create an "assignment" or quiz or something that other teachers would take. Perhaps there is another way to do this other than making them all both teachers and students? Thanks for any help.
In reply to Joe Peacock
Re: What happens if a user has multiple roles in a course?Mo
by Helen Foster -
Hi Joe,
Thanks for explaining why you want to assign both the roles of student and teacher in the course context. As I understand it, this will enable users to do everything that is allowed for students and everything that is allowed for teachers. However, it may result in teachers being confused.
Instead, perhaps you could set up two demo courses, one where teachers are assigned the role of teacher and one where teachers are assigned the role of student. You could also suggest to teachers that they try using the "Switch role to..." feature (at the top of the course page) for checking how things look as a student.
Thanks for explaining why you want to assign both the roles of student and teacher in the course context. As I understand it, this will enable users to do everything that is allowed for students and everything that is allowed for teachers. However, it may result in teachers being confused.
Instead, perhaps you could set up two demo courses, one where teachers are assigned the role of teacher and one where teachers are assigned the role of student. You could also suggest to teachers that they try using the "Switch role to..." feature (at the top of the course page) for checking how things look as a student.
In reply to Helen Foster
Re: What happens if a user has multiple roles in a course?Mo
by Ger Tielemans -
How about a student role clone with upload rights?
In reply to Helen Foster
Re: What happens if a user has multiple roles in a course?Mo
by Tiffany Morgan -
I realize I'm replying to an old post, but I wondered-what might the benefits be of making one user both a course creator and a teacher in the same course. I was asked this by another admin and my initial reaction was unless the user needs to be able to create courses, why not just give them teacher access and then override permissions as needed.
Any thoughts? My experience has been two different roles for one person within the same context just often leads to confusion and problems...
Any thoughts? My experience has been two different roles for one person within the same context just often leads to confusion and problems...
In reply to Tiffany Morgan
Re: What happens if a user has multiple roles in a course?Mo
by ben reynolds -
Terrible problems. Course creator is a crippled role. Combine it with teacher, and, you're exactly right, Tiffany, all kinds of unexpected results. I believe I was unable to view grades. In some courses, I couldn't view profiles. The list goes on. Combining these roles is a very bad idea.
I will, of course, bow to someone who has superior experience & knowledge.
I will, of course, bow to someone who has superior experience & knowledge.
In reply to ben reynolds
Re: What happens if a user has multiple roles in a course?Mo
by Mary Cooch -
Well I was going to reverse the norm and follow Ben in posting but then I saw his final comment and felt I shouldn't as it would come over too vain
Having said that, we never bother with Course creators anyway - just the teacher role. Admin can set up a course in seconds -teachers can do everything else needed.
Having said that, we never bother with Course creators anyway - just the teacher role. Admin can set up a course in seconds -teachers can do everything else needed.
In reply to Mary Cooch
Re: What happens if a user has multiple roles in a course?Mo
by Tiffany Morgan -
Thanks for the feedback and for confirming my assumptions! 
In reply to Helen Foster
Re: What happens if a user has multiple roles in a course?Mo
by Tiffany oakes -
I need to have access as both since I work for a hospital and we use Moodle as our e-learning site. I create the content, but also need to be "tested" in it for JACO purposes. But, when I try to take the quizzes, no grade shows for me. How do I get the grade to show up and not have to manually input it each time?
In reply to Tiffany oakes
Re: What happens if a user has multiple roles in a course?Mo
by Tim Beachy -
We are having the same problem here. We have site-wide Managers who manage students in other courses, but in one particular course, they are enrolled as students. However, none of the quizzing/grading is being recorded because of their Manager role
It seems to me like I should just be able to remove their Manager enrollment for just this course in the Enroll User interface, but this is not an option.
I'm still waiting to find a definitive answer to this, but so far all I've seen is the suggestion that the Manager should just have a separate student account where they do all their personal training.
Does anyone have any guidance on this? Moodle 2.1
In reply to Tim Beachy
Re: What happens if a user has multiple roles in a course?Mo
by Glenn Pillsbury -
If a role is site-wide, removing it for one course would suddenly make it "not-site-wide" and it seems like Moodle has been designed very carefully to avoid that kind of problem.
I would agree with the other advice you've found that the best (and simplest) course of action for your particular situation is to create a separate account for administrative-type things that require site-wide access. From an organizational/accountability/security standpoint, it's better to have as clear a separation as possible between administration and simple usage.
Good luck!
In reply to Glenn Pillsbury
Re: What happens if a user has multiple roles in a course?Mo
by Tim Beachy -
Thanks Glenn, for the confirmation, and the advice.
Tim
In reply to Glenn Pillsbury
Re: What happens if a user has multiple roles in a course?Mo
by Tim Hunt -
The other solution that would work is: Alter the permissions on the Manager role in this one course/quiz, to remove the mod/quiz:preview capability. However, a separate log-in is probably simpler.
One example. Students can attempt quizzes. Teacher can't (they can only preview them).
Can anyone tell me if it possible to achieve this scenario:
We want any logged in user to have read only access to any course. This helps with making course selections. Once enrolled on the course a user can participate fully (95% of our enrolments are via our student record system using the external database enrolment plugin). However there are some courses that should not be available even on a read only basis to logged in users, and some courses that should not be available unless you self enrol using an enrolment key.
To try and achieve this I have:
Set the moodle/course:view capability for the Authenticated User to Allow
Set the defaultuserroleid user policy to Authenticated User so anyone who logs in should have this role across the system.
This works OK, anyone who logs in can view any course but can't participate unless they are enrolled and therefore have the student role in the course context. The problem comes when trying to prevent access to the few courses that need to be closed.
I tried setting an override in these courses so that the moodle/course:view was set to prevent for the Authenticated user. The problem with this is this then prevents anyone viewing the course even if they are assigned the student role or tutor role in this context (roles that have moodle/course:view set to Allow). i.e. a logged in user wasn't able to view the course (which is what I wanted to achieve), but when I logged in as a test user who was enrolled on the course then this user was also prevented from viewing the course. Presumably this is because they also have the Authenticated user role by default and so the override I set in the course context was negating the capabilities of the student role assigned in this context.
Is my understanding of what is going on correct? Can anyone think of a way around this?
Thanks for your help.
Alison
We want any logged in user to have read only access to any course. This helps with making course selections. Once enrolled on the course a user can participate fully (95% of our enrolments are via our student record system using the external database enrolment plugin). However there are some courses that should not be available even on a read only basis to logged in users, and some courses that should not be available unless you self enrol using an enrolment key.
To try and achieve this I have:
Set the moodle/course:view capability for the Authenticated User to Allow
Set the defaultuserroleid user policy to Authenticated User so anyone who logs in should have this role across the system.
This works OK, anyone who logs in can view any course but can't participate unless they are enrolled and therefore have the student role in the course context. The problem comes when trying to prevent access to the few courses that need to be closed.
I tried setting an override in these courses so that the moodle/course:view was set to prevent for the Authenticated user. The problem with this is this then prevents anyone viewing the course even if they are assigned the student role or tutor role in this context (roles that have moodle/course:view set to Allow). i.e. a logged in user wasn't able to view the course (which is what I wanted to achieve), but when I logged in as a test user who was enrolled on the course then this user was also prevented from viewing the course. Presumably this is because they also have the Authenticated user role by default and so the override I set in the course context was negating the capabilities of the student role assigned in this context.
Is my understanding of what is going on correct? Can anyone think of a way around this?
Thanks for your help.
Alison
In reply to Alison Pope
Re: What happens if a user has multiple roles in a course?Mo
by Carlos Merida Campos -
Denying the access to authenticated user seems that is something that cannot be done, as this special roles seems to have priority over the others. I had a simmilar problem with some public forums I created, in my case I assigned a specific role to all the users of the portal. A role that permits or avoids participation. I guess that this won't work for you... but I will be very interesting to know if you get to find a solution to your problem.
c
c
In reply to Alison Pope
Re: What happens if a user has multiple roles in a course?Mo
by John Isner -
There is a much simpler solution. You can use the Guest access to control access to your courses. In course administration -> Settings...
- For courses anyone can see, set Guest access = allow guests without the key
- For restricted courses, set Guest access = do not allow guests in
In reply to John Isner
Re: What happens if a user has multiple roles in a course?Mo
by Alison Pope -
Hi John,
Yes this is the simplest solution but is unfortunately a bit too simple for our needs. We use the guest access settings to control whether visitors from outisde the college can see courses or not. This allows tutors to decide if external users can see courses or not. We wanted to use the authenticated user role to provide view access to all courses by default for any logged in user. We want to differentiate between two types of 'guest' in a course - those genuinely from outside the college, and those at the college but who aren't enrolled on the course. This latter group we want to give more privileges to than guests.
Alison
Yes this is the simplest solution but is unfortunately a bit too simple for our needs. We use the guest access settings to control whether visitors from outisde the college can see courses or not. This allows tutors to decide if external users can see courses or not. We wanted to use the authenticated user role to provide view access to all courses by default for any logged in user. We want to differentiate between two types of 'guest' in a course - those genuinely from outside the college, and those at the college but who aren't enrolled on the course. This latter group we want to give more privileges to than guests.
Alison
In reply to Alison Pope
Re: What happens if a user has multiple roles in a course?Mo
by Steve Power -
Alison
Did you find a way through this? In my experimenting I find that a course open to guest access will allow authenticated users to see it without enrolling but if guest access is not allowed then authenticated users are prompted to enrol when they try to access the course.
I would like some courses to allow access to authenticated users but not to guests and I cannot work out how to achieve this.
Steve
In reply to Steve Power
Re: What happens if a user has multiple roles in a course?Mo
by John Isner -
I would like some courses to allow access to authenticated users but not to guests
To prevent Guests, choose "Do not allow guests" in your course settings. Given the default role definitions, an Authenticated User can only enter the course by enrolling. By enrolling, the user acquires the additional role of Student in the course. But you already know that. I have a feeling you'd like the Authenticated user to be able to view the course (much like a Guest) WITHOUT enrolling.
You could override Authenticated user globally, giving it the same permissions as Guest (i.e., allow to view blogs, assignments, quiz information, etc.), but you would be opening all courses to Authenticated users, not just to selected ones.
If you override Authenticated user in a Category context, giving Guest-like permissions, then Authenticated users will be able to enter all courses in the category without enrolling, or at least I think it should work that way. It's worth an experiment.
To prevent Guests, choose "Do not allow guests" in your course settings. Given the default role definitions, an Authenticated User can only enter the course by enrolling. By enrolling, the user acquires the additional role of Student in the course. But you already know that. I have a feeling you'd like the Authenticated user to be able to view the course (much like a Guest) WITHOUT enrolling.
You could override Authenticated user globally, giving it the same permissions as Guest (i.e., allow to view blogs, assignments, quiz information, etc.), but you would be opening all courses to Authenticated users, not just to selected ones.
If you override Authenticated user in a Category context, giving Guest-like permissions, then Authenticated users will be able to enter all courses in the category without enrolling, or at least I think it should work that way. It's worth an experiment.
In reply to John Isner
Re: What happens if a user has multiple roles in a course?Mo
by Steve Power -
John
Thank you for this. I will give it a try and report back. One of my earlier attempts to give authenticated users access to courses ended up with all logged in users seeing all visible courses in their My Moodle page! Needless to say I undid this.
The problem we have is that we want users to be able to see what is going on in other courses but it gets very confusing for the course team if they have enrolments from users who are not their students.
Thanks again
Steve
In reply to Steve Power
Re: What happens if a user has multiple roles in a course?Mo
by John Isner -
Authenticated users (with Guest-like permissions added) should not show up as Participants in a class because they do not enroll. The whole point of this exercise, as I understand it, is to give users read-only access to certain elements of a course WITHOUT enrolling them. Like Guests, they leave no trace behind when they visit a course.
In reply to Yu Zhang
Re: What happens if a user has multiple roles in a course?Mo
by Kimball Findlay -
We have a need to give everyone credit for going through courses, even the admin needs a score to show that everyone has been through it. The problem even with multiple roles is to get credit for a course even if I am also the system administrator and build the course.
In our situation we use Moodle to give everyone a chance to review certain material regularly and using assessments can be sure that everyone is up to speed. But everyone needs a score even the admin and course creator.
Taking the course no score is recorded and a zero remains in the grades list for the admin. . .
In our situation we use Moodle to give everyone a chance to review certain material regularly and using assessments can be sure that everyone is up to speed. But everyone needs a score even the admin and course creator.
Taking the course no score is recorded and a zero remains in the grades list for the admin. . .
In reply to Kimball Findlay
How do you use roles to give admin a score in a course?
by Kimball Findlay -
The admin can also have the student role, and be registered for the course. When the admin takes the course the student role seems to be ignored and no score is given. wonder if there is some way for an admin to get credit for taking courses or do they need to have two accounts one for the admin and one as a student. This creates a problem needing additional email address in the user profile. Anyone got an idea how to accomplish this??
In reply to Kimball Findlay
Re: How do you use roles to give admin a score in a course?
by Ray Lawrence -
Have you assigned the administrator to the course as a student? Just tried this in 1.8.2 + and an assignment submission is registered, and the grade appears in the gradebook with only students ticked in yoursite.com/moodle/admin/settings.php?section=gradebook