Excellent question, I have this feeling I have seen it before.
I was thinking you might create certificate types and not have any signatures to select because they would be hard coded in the certificate type. But that would not prevent a Biology teacher from selecting the Math Department certificate for their course.
Ideally, we want 2 roles to be able to create/edit a certificate (site admin and perhaps a role called CertificateCreator). But I do not know the code which will basically block the calls when my localhost teacher adds or updates a certificate :
I would like to learn something about this myself. I was guessing the /certificate/db/access.php might be a place but I absolutely do not understand this kind of stuff
PS did a search on access.php and found Tim Hunt suggested this link: