Hi. I posted something similar in the General Help forum, but probably should have posted it here.
We are running multiple Moodle sites on a single server instance. Currently, each site has an assigned administrator user with full admin permissions. We would like to restrict access to several Site Administration options for these users, those being "Security", "Server" and "Development".
We created a new role called "Superuser" and assigned it the site:config capability. We quickly found out that site:config is an all-or-nothing proposition, meaning that the Security, Server, Development, Appearance, and Plugins are controlled as a group.
Our current thought is to assign these users to the Superadmin role and find someway to block the Server, Development and Appearance options. Note: Each Moodle site will have an official, secure "admin' account that that will have full administrative permissions, but only available to the IT group management the server environment.
In an ideal world, we would love to see more fine-grained capabilities, like site:appearance and site:plugins.
Short of that, does anyone have an idea or recommendation for how we can manage this?