Does anyone know why, in the default Teacher role, Override permissions for others is prevented, while Assign roles to users is allowed?
According to the Risks column, Overriding appears to be very risky (three warnings), while Assignment appears to be risk-free. Is this really true?
Suppose you are a Teacher on a course, and have both override and assign. Then you can change the definition of the Student role in that course to allow Students to do anything, and then assign yourself the Student role, and then you can do absolutely anything in that course. Hence, once you have Override, you can do almost anything in that context or below, so it is very dangerous. (The only thing you can't do is assign yourself a role at System of category level.)
Hi Tim,
Thanks for the reply! From your scenario, I now understand the risks of overriding. But won't most sites ignore those risks and permit Teacher to override Student? I mean, they'll have to simply in order to get forums to work as they did pre-1.7 (various activity options removed, pushed into capabilities).
It strikes me that it is not overriding per se that is dangerous, but rather the ability to grant greater authority than the current holder possesses, regardless of whether it is done through assignment or overriding. "Do anything" should simply not be available in the course context, and I'm sure there are many other capabilities that have no business being there.
Thanks for the reply! From your scenario, I now understand the risks of overriding. But won't most sites ignore those risks and permit Teacher to override Student? I mean, they'll have to simply in order to get forums to work as they did pre-1.7 (various activity options removed, pushed into capabilities).
It strikes me that it is not overriding per se that is dangerous, but rather the ability to grant greater authority than the current holder possesses, regardless of whether it is done through assignment or overriding. "Do anything" should simply not be available in the course context, and I'm sure there are many other capabilities that have no business being there.
But won't most sites ignore those risks and permit Teacher to override Student?
No, actually, from reading other posts here and from my own experience, I believe one of two things happen.
1. The average site admin doesn't understand roles [even after being trained by "highly qualified" trainers ] and so they don't do anything with them which includes not enabling role override capabilities. But, as we know, that results in severely restricting a teachers capabilities to manage their own courses and makes their course less effective than if they were to roll back to version 1.4, or
2. Site admins read this thread and decide it's too much of a security risk to allow role overrides, which results in severely restricting a teachers capabilities to manage their own courses and makes their course less effective.........
Steve
John, I'm visiting this thread from one that I posted on a similar topic. (http://moodle.org/mod/forum/discuss.php?d=88701#p392618)
I believe that what you suggest here--having Overriding priviledges not include the ability to grant greater authority than the current holder possesses, regardless of whether it is done through assignment or overriding. "Do anything" should simply not be available in the course context"--would solve this problem in forums.
What needs to be done to make this happen?
Lane
Hi Lane,
Yes, I think that would remove the risks.
There was a related discussion in MDL-9935. The issue initially asked why Teachers can't define roles. It got the same response: "because anyone with the capability can technically create admin roles and use them, causing potential security problems." Well duh, if the system simply prevented a user from passing on more privileges than they themselves have, it would solve the problem! Then you could let everybody define roles, even Students -- why not? And you could get rid of overrides, since anything that can be done with an override can be done better with a new role. The system would also scale better. For example, suppose you want eight different Student behaviors in the same Forum? First of all you can't do this with now with override, because you can only override the Student role once; that is, you can only have one behavior for all Students in a Forum. You have to ask the admin to create you eight roles, and clutter the global namespace with eight new names. A Teacher should be able to do this by defining eight local roles in the Forum context.
Yes, I think that would remove the risks.
There was a related discussion in MDL-9935. The issue initially asked why Teachers can't define roles. It got the same response: "because anyone with the capability can technically create admin roles and use them, causing potential security problems." Well duh, if the system simply prevented a user from passing on more privileges than they themselves have, it would solve the problem! Then you could let everybody define roles, even Students -- why not? And you could get rid of overrides, since anything that can be done with an override can be done better with a new role. The system would also scale better. For example, suppose you want eight different Student behaviors in the same Forum? First of all you can't do this with now with override, because you can only override the Student role once; that is, you can only have one behavior for all Students in a Forum. You have to ask the admin to create you eight roles, and clutter the global namespace with eight new names. A Teacher should be able to do this by defining eight local roles in the Forum context.