The difference between role_assignments and user_enrollments tables

The difference between role_assignments and user_enrollments tables

by Nadav Kavalerchik -
Number of replies: 4
Picture of Core developers Picture of Plugin developers Picture of Testers Picture of Translators
Revisiting a lot of my old SQL reports and updating them for Moodle 3.4, I am wondering what is the actual difference between (mdl_)role_assignments and (mdl_)user_enrollments tables, and when it is best to use them in reports.

I have looked into the code (functions and APIs), the Moodle developer docs, these forums and ask Google too, but with not so much success sad 

Dear Moodle HQ and developers, your help is appreciated smile

BTW, when coding is concerned, I am using the ROLE or ACCESS API, of course and not those tables directly.

Average of ratings: -
In reply to Nadav Kavalerchik

Re: The difference between role_assignments and user_enrollments tables

by sam marshall -
Picture of Core developers Picture of Peer reviewers Picture of Plugin developers
My understanding:

The enrolments system is best used to check if somebody 'belongs' to a course. Usually this would mean you are a student, teacher, or other member of staff specifically related to that course.

The role assignments are used to control permissions on that course. I think you can probably have role assignments even if you don't have an enrolment. You can also have roles in a parent context which might affect permissions on the course. Obviously, you can have multiple roles on a course, and there may be many custom roles with different permissions in a Moodle system.

Fundamentally in terms of user access, it all depends on your role assignments and not enrolments, with one exception (this is a summary from memory - I am leaving out logic relating to hidden courses etc). In order to access a course you need to EITHER have moodle/course:view OR be enrolled in the course.

So basically, do you want to list everyone in a course? -> use enrolments (but be aware that there will be some people, like system admin and maybe others, who can access the course without being on that list).

Do you want to check if somebody has access to something? -> use role assignments/capabilities (but in some cases you might also need to take enrolment into account).

Not sure if I covered everything here...

--sam



Average of ratings: Useful (2)
In reply to sam marshall

Re: The difference between role_assignments and user_enrollments tables

by Nadav Kavalerchik -
Picture of Core developers Picture of Plugin developers Picture of Testers Picture of Translators

Thank you Sam! that makes a lot of sense to me, and reassures  most of what I was already imagined about it. now, it feel more solidified wink

As I was initially looking for a formal Moodle HQ answer in the developer wiki, now I am Looking for the proper place to add that information, and maybe add some SQL queries to support it.

Average of ratings: -
In reply to Nadav Kavalerchik

Re: The difference between role_assignments and user_enrollments tables

by Michael Aherne -
Picture of Core developers Picture of Peer reviewers Picture of Plugin developers

My understanding of this is that user_enrolments asserts only that a person is enrolled on a course, without any notion of what role or permissions they have on that course. On the other hand, role_assignments is not specific to courses and defines what roles users hold at different security contexts.

I guess if your reports are about users on a course in any way you would join to user_enrolments, and if you need further information on what roles they have in the course you can also join to role_assignments.

Average of ratings: -
In reply to Michael Aherne

Re: The difference between role_assignments and user_enrollments tables

by Nadav Kavalerchik -
Picture of Core developers Picture of Plugin developers Picture of Testers Picture of Translators

Thanks Michael, most helpful! (together with Sam's comment above)

Average of ratings: -