Rights of category manager

Rights of category manager

by Hu La -
Number of replies: 6

Dear Moodle comunity,

My moodle site has many branches/ campus in my country. System Manager have to do a lot of things instead he can have Category Manger do.

I know Moodle supply the "category manager" role  which permits a category manager to create sub category and to assign Course Create role to an authenticated user. That is not sufficient because he have to play a role of an Manager on that category. What I need help is that he can:

1) Inherit rights of system Manager on import/create/change users information.

2) Assign role teacher/ school prime mister,... to an authenticated user

What should I setup?



P/s: just option because i do now know:

 It is wonder If Moodle can supply user account on category. 

Average of ratings: -
In reply to Hu La

Re: Rights of category manager

by Howard Miller -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers

1. Assign users the Manager role at Course Category level - this mostly works

2. For things that can only be done at site level (e.g. create a new user) create a new role that provides only the capabilities these Managers need and assign it to them at site level. 

But... if you have Managers at Course Category level doing site level things I suggest you think if there are better ways. For example, do you really want lots of people creating new users? Would users be better handled externally (e.g. an external database or LDAP)?

Average of ratings: Useful (1)
In reply to Howard Miller

Re: Rights of category manager

by Hu La -

1. Could you give me more detail. I think i have to create a system customised Manager (based on site manager) for example: category customised Manager, then prevent/limit some rights of that role and assign Category Mangers to that role. Is this correct?

2. The problem is, Category Manger is not a Site Manager, therefore, he can't have rights to create a new user.

The important thing here is that i want a Category Manger has some rights ( Create users and assign Roles to those users) which only Site Manager can do.

Average of ratings: -
In reply to Hu La

Re: Rights of category manager

by Howard Miller -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers

You can't do it in one step... You have to assign the Manager role at the course category level. This gives you 90% of what you need. 

THEN... you also need to give the same users a site-wide role as well. This will be a completely new role and only give them the capabilities they need - for example the right to create new users. 

You can't make a role that is assigned at course category or course level that can create users because that functionality doesn't exist in those places. 

Average of ratings: -
In reply to Howard Miller

Re: Rights of category manager

by Hu La -

Thank Howard for your answer. Hopefully, you can guild me more in detail b/c I am still getting confuse. I did try:

1. Assign an user TEST as Category Manager.

2. Create a customized role ABC cloned from System Manager. add an user TEST to this ABC role.

3. Edit ABC Role to overwrite the permission: delete user (moodle:user/delete) set to Prohibit. The purpose of this action is for TEST not able to delete an existing user of other category. (TEST in ABC does not have right to delete users)

With actions (1,2,3) I am expecting that TEST can create an user account but can't delete an account which may be created by TEST_2.

However, after my actions, TEST can delete every account in the system. sad

In summary, My question is 

1. How can I prevent a System Manager do a right (deleting users for example). This is to narrow down rights of ABC. "Prohibit" seems not to be affected.

2. Combine ABC with Category Manager to create TEST with 2 roles that can be Category Manager + ABC (add TEST to these roles). This results in that TEST has some rights of Category Manager.


Thanks so much,

Hao

Average of ratings: -
In reply to Hu La

Re: Rights of category manager

by Howard Miller -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers

You can't restrict the ability to delete users to only certain categories because creating and deleting users is a site-wide activity. There's no way to do that. 

I would not have cloned ABC from Category Manager. The user already has those rights at Course Category level.  ABC should be created as an *empty* role and only permit capabilities that the user must have at site level (e.g. create users). 

There are problems (which you have found)...

- some functionality only exists within a particular "level". E.g. creating an deleting users is only available at the site level.

- you can easily create scenarios which have never existed before and never been tested. You can find strange bugs. 

Average of ratings: Useful (1)
In reply to Howard Miller

Re: Rights of category manager

by Hu La -
really appreciate you, Howard Miller.

Started from an empty role with some rights & Category Manager, which works for me.

I am also aware of how to combine them and create a customised role as I need.

Best regard,

Hao

Average of ratings: -