Testing and QA

 
 
Bryan Dawson
M2.0 RC1 - Login As functionality
 

Testing moodle 2.0 RC1 is a massive culture shock for somebody who is used to Moodles from 1.4 onwards.  A lot of effort will need to go into making it behave like 1.9 before we can convert our academics to 2.0.

An example of this is the Login As function whereby an Admin can impersonate a user.  This is an essential and frequently used function for us.  So why was it moved to the Course Settings box, when it made perfect sense under the shortform profile display as it is in 1.9?  And why, when you click on your own name to exit the impersonation, does it throw you back to a login screen instead of putting you back at the point where you started the impersonation?

 
Average of ratings:Useful (1)
Picture of Joseph Rézeau
Re: M2.0 RC1 - Login As functionality
Group DevelopersGroup Particularly helpful MoodlersGroup TestersGroup Translators

Hi Bryan,

Apart from the technical aspect, there are ethical considerations with the Login As Moodle feature. Some years ago that feature was default-enabled on our (university) Moodle site. In my teacher role, I found it quite useful on some occasions (Login As a student to close a Quiz which was finished but student had forgotten to submit it; re-enrol a student who had mistakenly un-enrolled themselves, etc.). One day our admin decided to remove that facility, and we had a heated debate. I finally agreed that - in spite of its practicality in some cases - the impersonation is ethically not defendable, as it can lead to all kind of problems. It's somewhat equivalent to giving someone else your personal password, a practise which is strongly discouraged, for very good reasons.

Joseph

 
Average of ratings: -
Picture of Helen Foster
Re: M2.0 RC1 - Login As functionality
Group DevelopersGroup Documentation writersGroup Moodle HQGroup Particularly helpful MoodlersGroup Testers

Hi Bryan,

Regarding being logged out when you click on your own name, I understand this is done for security reasons. If you then login again, it should take you back to where you were.

We could definitely do with improving the UI so that being logged out doesn't come as a shock. Have you any ideas or suggestions? Perhaps a tool tip when you mouse over your own name?

 
Average of ratings: -
Bryan Dawson
Re: M2.0 RC1 - Login As functionality
 

Thanks Helen,

I think a tooltip with a message like 'Log out as other user and log back in as yourself' would explain what would happen without cluttering up the screen.

Like Greg, we use it as an essential support tool, for a limited number of support staff.

But i'm still unclear as to why the Login As functionality was removed from the user profile display (where it make perfect sense - this is who you are going to log in as) to a side block which in some themes could be docked?

 
Average of ratings:Useful (1)
Manish Verma
Re: M2.0 RC1 - Login As functionality
 

Hi,

This is in response to ethical consideration point. The server administrator can find out all login details of any user including the password I believe (please correct me if I am wrong). The person is considered to be responsible enough to have this capability. If teacher(s) is(are) not considered responsible enough for his/her(their) own students then who else? If a particular teacher is not responsible enough then a different role can be created for him/her without this functionality. Same applies to a group of teachers if desired.

Besides this, in case a student finds anything wrong with his/her account, he/she can report this to the school and investigation can be done and the admin can check if there was any inappropriate access.

Manish.

 
Average of ratings: -
Picture of Mark Johnson
Re: M2.0 RC1 - Login As functionality
Group Developers

Just to clarify, passwords are stored using a 1-way hash, the administrator has no way of finding out a user's password.

 
Average of ratings:Useful (2)
Me (sort of)
Re: M2.0 RC1 - Login As functionality
 

Joseph; I cannot disagree more. Our helpdesk personnel routinely use this feature to "see what the student sees". Without the feature, the helpdesk people would in essence be unable to perform their duties. In order to "see" what the student is calling in about, the helpdesk person would have to login as the student, requiring not only the userid, but the password as well. That is a far more serious security breech than logging in as the student, as now the student's password is compromised, and perhaps his/her password scheme.

I can understand disabling Login As by default, but to eliminate the functionality, in my opinion, is going to seriously hamper the viability of the product.

 
Average of ratings:Useful (1)
Picture of David Mudrák
Re: M2.0 RC1 - Login As functionality
Group DevelopersGroup Documentation writersGroup Moodle HQGroup Particularly helpful MoodlersGroup Translators

And why ... does it throw you back to a login screen instead of putting you back at the point where you started the impersonation?

There is a strong security related case that student could gain teacher's or even admin's rights when the auto-returning feature would be still available. The development team decided to go the lesser evil way and therefore now the relogin is required after masquerading. We were aware of the usability drawback but please believe it was done for really good reasons and it is protecting your site.

 
Average of ratings: -
Picture of Joseph Rézeau
Re: M2.0 RC1 - Login As functionality
Group DevelopersGroup Particularly helpful MoodlersGroup TestersGroup Translators

Thanks for the info, David.

 
Average of ratings: -
Picture of Petr Škoda
Re: M2.0 RC1 - Login As functionality
Group DevelopersGroup Documentation writersGroup Moodle HQGroup Particularly helpful Moodlers
If Moodle was a banking software we would have to log out user and force them to close the browser completely...
 
Average of ratings: -
Picture of Leandro Vilante
Re: M2.0 RC1 - Login As functionality
 

Hi everyone

This may happen if someone leave the computer while logged in, doesnt matter if using that functionality or not. In either way the fault is of the administrator not of the system, and i believe the programmers could let it as it was at versions 1.9.x.

The ethical reasons seems more justifying, but as Manish said, if someone is an administrator is because it is also responsible, and if a pointed problem appears, the consequences shall come to him/her, soon or later.

Leandro

 
Average of ratings: -
Picture of Rob Monk
Re: M2.0 RC1 - Login As functionality
 

Moodle is not a bank.

Our humble high school is not a high stakes University. 

I want my teachers to be able to login as a student and not only see the course they teach but all courses the student is enrolled in. 

This is particularly important for our "Learning Group" teachers. They have a pastoral role with students. They need to be able to see exactly what is going on with a student across all courses. Logging in as the student is the quickest and most accurate way to do this. 

How do I set up this via roles?

It must be able to be done because, as an admin, I'm able to log in as any student. How do I give this power to my teachers. 

 
Average of ratings:Useful (1)
Mary Cooch
Re: M2.0 RC1 - Login As functionality
Group Documentation writersGroup Moodle Course Creator Certificate holdersGroup Moodle HQGroup Particularly helpful MoodlersGroup TestersGroup Translators

I think you could possibly do this by creating a site wide role based on the teacher and giving them the loginas facility (though I haven't tried it myself so can't guarantee itsmile) Make a new role via Settings>Site administration>user>permissions>define roles. Base it on the teacher role and make sure it  has "system" checked in the context section. Then edit it and search for "loginas" and check the box to allow this facility for this role. You would then have to manually assign this role to just your Learnig group of teachers.

However, I agree with those in the earlier thread who questioned the morality (and security) of being able to log in as others. I am based in a regular secondary school too and only admins can "log in as.."We might possibly consider the mentor(parent) role if we needed to do the same as you. Have you thought of that?

 
Average of ratings: -
Picture of Rob Monk
Re: M2.0 RC1 - Login As functionality
 

We did this already. All our teachers are assigned the role of Rubric Sharer at the system level. ( So they can share rubric templates). We tried to add the login as permission to this role but it still only works for admins. 

 
Average of ratings:Useful (1)
Picture of Itamar Tzadok
Re: M2.0 RC1 - Login As functionality
Group DevelopersGroup Documentation writersGroup Particularly helpful Moodlers

You also need to consider that login as sessions record in the log actions the student did not actually do. For instance, if the teacher logged in as the student enters an activity/resource the student did not enter, the log will show that the student entered that activity/resource. This may distort later analyses of the student's actions. smile

 
Average of ratings:Useful (1)
Mary Cooch
Re: M2.0 RC1 - Login As functionality
Group Documentation writersGroup Moodle Course Creator Certificate holdersGroup Moodle HQGroup Particularly helpful MoodlersGroup TestersGroup Translators

Indeed -see MDL-34445

 
Average of ratings: -
Ben talking on the phone beside a monitor
Re: M2.0 RC1 - Login As functionality
Group Particularly helpful MoodlersGroup Testers

I'm in a totally distance ed environment. We give teachers the capability to login as so that, when a student's file upload to an assignment fails, the teacher can upload the file logged in as the student.

We also use login as to troubleshoot tech issues that are peculiar to that user. Usually, it's an IE browser issue.

We also, as Joseph noted above, use login as to close quizzes left unsubmitted by students.

Itamar is correct that login as can distort user behavior, for example by uploading the same file several times, but, in my experience not all actions are recorded (at least, not in logs viewable by teachers) for the person logged in as.

There may be ethical issues with login as, but, IMO, they are more theoretical than practical. I've been hiring teachers since the 80's, and I've not yet managed to hire a psychopath who intentionally damaged a student's record (for example, by posting lies to a forum). I like to believe that I would recognize someone like that in the hiring process.

 
Average of ratings:Useful (1)
Picture of James D
Re: M2.0 RC1 - Login As functionality
 

I understand the practicality of having that ability, but it is in no way theoretical as to the problems it can cause. I would hope that we would all recognized people like that before we allow them into our organization. However, I have yet to hear of anyone wearing their "I am a psycho" t-shirt to an interview. The whole reason we have passwords and locks on our doors is because someone has abused that access in the past and steps have been taken to set boundaries. One day a student may claim they have submitted something and it was changed, deleted, or something else when it never happened, but since an administrator had logged in at some point there is no way to definitively prove who did it. I like the idea of having the log reflect the change was from an administrator rather than the actual student.

 
Average of ratings: -
Dot
Login As functionality in 2.5 ?Where?
 

This is still an issue in Version 2.5

As admin for my Organisation I am leaping from 1.9 to 2.5 and this function is vital for how my organisation uses Moodle.

In my test site:

  1. I have looked in the Course Admin and can't see how to do it there as was suggested in the first post.
  2. I have set the 'login as' permission for myself as the administrator - in the system context but can't find a 'login as' link anywhere
  3. I have done the same for a teacher role and still can't find a 'login as' link anywhere

Has this option been completely blocked in 2.5?

 

 
Average of ratings: -
Davo
Re: Login As functionality in 2.5 ?Where?
Group DevelopersGroup Particularly helpful Moodlers
The option has moved since 1.9 - have you checked the new location? http://docs.moodle.org/24/en/Accounts_FAQ#How_can_I_log_in_as_another_user.3F
 
Average of ratings:Useful (1)