Thanks!
Hi Matt,
You could modify the manager role and remove (unset) a bunch of course editing capabilities such as moodle/course:update. Please see the documentation Creating custom roles for details.
You could modify the manager role and remove (unset) a bunch of course editing capabilities such as moodle/course:update. Please see the documentation Creating custom roles for details.
Thank you so much for this advice. I tried it but the user can still edit courses even though I disabled all of the settings for course updates. Any further suggestions? It's really bad that a helpdesk technician can edit the courses.
| Course | |||||||
| Change course categorymoodle/course:changecategory | Allow | ||||||
|---|---|---|---|---|---|---|---|
| Change course full namemoodle/course:changefullname | Allow | ||||||
| Change course ID numbermoodle/course:changeidnumber | Allow | ||||||
| Change course short namemoodle/course:changeshortname | Allow | ||||||
| Change course summarymoodle/course:changesummary | Allow | ||||||
| Review course enrolmentsmoodle/course:enrolreview | Allow | ||||||
| Mark users as complete in course completionmoodle/course:markcomplete | Allow | ||||||
| Update course settingsmoodle/course:update | Allow | ||||||
| Category enrolments | |||||||
| Role assignments synchronised to course enrolmentenrol/category:synchronised | Allow | ||||||
|---|---|---|---|---|---|---|---|
| Course categories | |||||||
| Manage categoriesmoodle/category:manage | Allow | ||||||
| See hidden categoriesmoodle/category:viewhiddencategories | Allow | ||||||
| Category enrolments | |||||||
| Configure category enrol instancesenrol/category:config | Allow | ||||||
| Course | |||||||
| Change course categorymoodle/course:changecategory | Allow | ||||||
| Edit question categoriesmoodle/question:managecategory | Allow | ||||||
Hmm, there seems to be rather a lot of capabilities that would need to be removed.
You could try removing the moodle/course:view capability, then your helpdesk technician would not be able to enter any courses without enrolling.
However, on reflection, I think the best solution might be to create a new custom role rather than modifying the manager role. The new role should be a system role (assignable in the system context), with the capability moodle/user:update allowed. Please note that this would allow your helpdesk technician to change anything in a user's profile, not just their password.
You could try removing the moodle/course:view capability, then your helpdesk technician would not be able to enter any courses without enrolling.
However, on reflection, I think the best solution might be to create a new custom role rather than modifying the manager role. The new role should be a system role (assignable in the system context), with the capability moodle/user:update allowed. Please note that this would allow your helpdesk technician to change anything in a user's profile, not just their password.