Thanks!
Hi Matt,
You could modify the manager role and remove (unset) a bunch of course editing capabilities such as moodle/course:update. Please see the documentation Creating custom roles for details.
You could modify the manager role and remove (unset) a bunch of course editing capabilities such as moodle/course:update. Please see the documentation Creating custom roles for details.
Thank you so much for this advice. I tried it but the user can still edit courses even though I disabled all of the settings for course updates. Any further suggestions? It's really bad that a helpdesk technician can edit the courses.
Course | |||||||
Change course categorymoodle/course:changecategory | Allow | ||||||
---|---|---|---|---|---|---|---|
Change course full namemoodle/course:changefullname | Allow | ||||||
Change course ID numbermoodle/course:changeidnumber | Allow | ||||||
Change course short namemoodle/course:changeshortname | Allow | ||||||
Change course summarymoodle/course:changesummary | Allow | ||||||
Review course enrolmentsmoodle/course:enrolreview | Allow | ||||||
Mark users as complete in course completionmoodle/course:markcomplete | Allow | ||||||
Update course settingsmoodle/course:update | Allow |
Category enrolments | |||||||
Role assignments synchronised to course enrolmentenrol/category:synchronised | Allow | ||||||
---|---|---|---|---|---|---|---|
Course categories | |||||||
Manage categoriesmoodle/category:manage | Allow | ||||||
See hidden categoriesmoodle/category:viewhiddencategories | Allow | ||||||
Category enrolments | |||||||
Configure category enrol instancesenrol/category:config | Allow | ||||||
Course | |||||||
Change course categorymoodle/course:changecategory | Allow | ||||||
Edit question categoriesmoodle/question:managecategory | Allow |
Hmm, there seems to be rather a lot of capabilities that would need to be removed.
You could try removing the moodle/course:view capability, then your helpdesk technician would not be able to enter any courses without enrolling.
However, on reflection, I think the best solution might be to create a new custom role rather than modifying the manager role. The new role should be a system role (assignable in the system context), with the capability moodle/user:update allowed. Please note that this would allow your helpdesk technician to change anything in a user's profile, not just their password.
You could try removing the moodle/course:view capability, then your helpdesk technician would not be able to enter any courses without enrolling.
However, on reflection, I think the best solution might be to create a new custom role rather than modifying the manager role. The new role should be a system role (assignable in the system context), with the capability moodle/user:update allowed. Please note that this would allow your helpdesk technician to change anything in a user's profile, not just their password.