moodle:site/doanything - on coures category level insted of sit level. Consequences?

moodle:site/doanything - on coures category level insted of sit level. Consequences?

από Adam Pawelczak -
Αριθμός απαντήσεων: 1
Hi,

I was looking for solution for giving certain person the rights to do anything in the courses within certain course categories without displaying them in "My courses" list.

I have found "moodle:site/doanything" permission. I have created new role with this permission and assigned it to user on category level.

It seems to work great:
  1. In "My courses" list appears only those courses into which this user is enrolled or is a teacher etc.
  2. User don't have access to system wide parameters
  3. User can do anything in all courses within the category.
There is only one problem.
In documentation I have found :

"Note: This capability should only be assigned in the system context i.e. as a system role. Overrides for this capability should not be set. "

Does it mean there are any risks in using this permission on course category level instead of site level?

Regards
Adam Pawełczak
Μέσος όρος βαθμολογίας: -
Σε απάντηση σε Adam Pawelczak

Re: moodle:site/doanything - on coures category level insted of sit level. Consequences?

από Andreas Vollmer -
Hi Adam,

we use this construction for our supporters, and it works fine - at least for a very restricted group. Actually "doanything" is 007 and does include everything, deleting courses, blend in user activities and so on and should therefore be used thoroughly, both for security and privacy issues.

You should also check the notifications for this role, which should be set to "prevented", otherwise you might receive quite a lot of them from all courses of this category gemischt, cf. this discussion.

Best, Andreas
Μέσος όρος βαθμολογίας: -