Cannot get new role to work

Cannot get new role to work

by Leon Erasmus -
Number of replies: 3

I created a role called AddUser with which a user can manually create a user on Moodle, then manually enroll that user on one specific course. This role must also allow for upload via CSV file. The user role must otherwise be similar to that of Student, with no other admin or editing permissions.  I have:

Site Administration -> Users -> Permissions -> Define roles -> Add a new role:

Role archetype: Student

Context types where this role may be assigned: System, Course

Allow role assignments: student

Alloow role overrides: nothing selected

Allow role switches: nothing selected

Capability: The only Permissions set as "Allow" are:

Upload new users from filemoodle/site:uploadusers = allow

Create usersmoodle/user:create = allow

Manage user enrolments manuallyenrol/flatfile:manage = allow 

(not sure what the implication here is)

Enrol usersenrol/manual:enrol = allow

Manage user enrolmentsenrol/manual:manage = allow 

(again not sure what the implication here is)

Assign roles to usersmoodle/role:assign = allow

Then on the Allow roll assignments tab, this role can assign student.

Then on Site administration, Users, Permissions, Assign system roles, I have select somebody from the "Potential users" list on the right and added the name to the left panel.

When I log in as that user, the user can assign somebody to the course, but not first create the user on the system neither load users via a CSV file.  

What am I missing? Any ideas would be welcome.

Average of ratings: -
In reply to Leon Erasmus

Re: Cannot get new role to work

by Leon Erasmus -

My apologies, the Moodle version is 3.2.2+

Build 20170316

Average of ratings: -
In reply to Leon Erasmus

Re: Cannot get new role to work

by Helen Foster -
Picture of Core developers Picture of Documentation writers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers Picture of Translators

Hi Leon,

While allowing for a multitude of possibilities, roles and capabilities can be very complicated, with certain capabilities requiring other capabilities to be allowed. Unfortunately, without lots of testing, it's difficult to know what else you need to do to make your new role work.

Thus, I suggest you approach things in a different way: Rather than starting with the student role archetype, I suggest you start with the manager archetype, then go through un-setting all the capabilities you don't want, checking often that the user assigned the role can still create users and manually enrol them in a course.

You may like to use our Moodle sandbox demo site (start just after the hourly reset to give yourself plenty of time), logging in as an admin in one browser and as a manager in another browser. You can then edit the role of manager as admin, save your changes, then refresh the page for the manager and see how things are. In this way, you can efficiently determine exactly which capabilities are needed for your custom role. When you're done, you can even export the role and import it to your site.

Best wishes, and please report back on how you get on!

Average of ratings: Useful (1)
In reply to Leon Erasmus

Re: Cannot get new role to work

by Randy Thornton -
Picture of Documentation writers

Leon,

The answer is to Allow the moodle/site:uploadusers capability for that role, which controls the ability to Upload users to the site.

HOWEVER -

That capability grants enormous power to the user, including the ability to delete, suspend, rename, create, and edit all profile fields for any user (except a Site administrator) using csv file uploads. It does not grant them the ability to use Browse list of users.

See the recent discussion here for details:

https://moodle.org/mod/forum/discuss.php?d=348473&parent=1410304


Average of ratings: -