I changed the sync setting so Managers are no longer synced - which means that these deregistered students can no longer access (and edit!) the parent course (they appear as Inactive Managers in the Enrolled Users table) - but I remain very concerned about how this could have happened.
I have noticed that this is happening too.
Here's the low down:
- User has 'student' role in child course, but enrolment is expired by date parameters. Other users have 'student' role in child course and their enrolment is active.
- Add meta-course enrolment to the parent course, choose the child course to link.
- Users with 'student' role and are active in the child course are enrolled as 'students' in the parent course, but users with expired enrolment and the 'student' role in the child course are enrolled as 'managers' in the parent course and their enrolment is 'disabled'.
This means that students can still access the parent course, but with elevated permissions allowing them to edit the course etc.
Did you find a solution, or can a fellow forum member contribute? We're currently on M2.8.
I think the security issue MDL-50744 could explain some things. Perhaps you already received this information if you've registered your site.
Thanks for this, but I am afraid I can acces the issue. If this is a known bug that would be a relief - as I having failed to find more information my mind was wondering into corrupt database territory...
Being a security issue, and even if resolved, it's not visible yet, time to let administrators update there Moodle instances. It should be accessible in a week.
But, as i said previously, if you registered your site, you should have received details by email...
Sorry I missed this before. I did something which was more panicked damage control than a solution:
I duplicated the Manager role and assigned those who should be Managers to the role - then removed all capabilities from the Manager role.
Do you or anyone else have a better solution? To my mind this is a very serious security issue.