Restricting category Admins from other cohorts

Restricting category Admins from other cohorts

by Brian Gaehring -
Number of replies: 2

Our site is split into several Course Categories (schools). Each school has Category Cohorts which assign the related students and teachers to their courses.Each school has a school Administrator, which adds new students to their cohorts, removes students, and manages the related courses. However, the school admins should only have access to their own Category Cohorts, not the cohorts of other schools. (They should not be able to view the scores of students in another school.)

It has been determined that in order to give the school admin the permissions to do the above activities, they can potentially assign themselves into a Manager cohort in another school. This would allow them to view the scores of another school's students. (Any course that the selected Teacher/Manager cohort has rights to view.)

Is there a permissions setting which we could use to allow them access to the students in one Course Category, while denying them access to other categories?

Thank you for your help.
Average of ratings: -
In reply to Brian Gaehring

Re: Restricting category Admins from other cohorts

by John Gifford -

Hi Brian

I'm not entirely certain I understand your setup but I'll give it a shot...

The school admin has the ability to add students and teachers to cohorts within their own school (Category level cohorts). But they also apparently can add or get themselves added to the manager cohort of another school? And you don't want them to have that ability? or you do but want to restrict what they can access?

Well I may be wrong in this, but I think I would set the Manager cohorts on the site level, then only a site admin "should" have the permission to modify the membership of those cohorts, something your school admins wouldn't have. So, the school admin for school 1 would then have to request membership of the manager cohort for school 2 from the site administrator and supply whatever justification is required.
The school cohorts then are the students and staff that the individual school admins have permission over (category level cohorts). If a school admin in school 1 were then to open school 2 they could view category and course titles, but as long as cohort sync is the only method of enrolment on any course they would not be able to view anything else, they would be classed as a student in school 2...not an admin, and would not be a member of any school 2 cohort so would not have access to any course. Again they could request the school admin in school 2 to give them access but again such access would only be staff or student level.  The amount of data they would then be capable of seeing would be restricted.

Please let me know if this is hopelessly wrong, but I hope this has been of some help.

John Gifford

Average of ratings: -
In reply to John Gifford

Re: Restricting category Admins from other cohorts

by Brian Gaehring -

Hello John,

Thank you for the help.My school Admins were assigned their roles from the Site administration / Users / Permissions / Assign system roles. (Because the roles had been defined in the above line "Define roles” option.)

I went back and selected Site administration / Courses / Add/edit courses, clicked on the Category for the 1st School, and then Settings / Assign roles.By assigning them to the same role, but under the school's Category limited their views to only that one school.Just what I wanted it to do.

I think that this might be useful to explain in more detail on future versions of MoodleDocs.Until then, I included the steps above for others that may have the same question.

Thanks again! J

Average of ratings: -