How to restrict profile/course information access based on roles within Moodle Cloud (without Plugin)

How to restrict profile/course information access based on roles within Moodle Cloud (without Plugin)

by David Craven -
Number of replies: 5

I am struggling to make the role restrictions work in the way I would like to support a local charity within Moodle Cloud. I have tried to use the Define Roles and the Allow to view checkboxes, to only show the corresponding centre role for the Admin role but that doesn't seem to work. 

Goal:
To only show user profile information & course participant data to the matching Learning Centre Admin for for that centre.

Overview:
There are 8 different learning centres which share the same courses, so I am trying to restrict access so that each Learning Center Admin can only see the participants related to their centre as well as only see their user profile information including within reports.

Other context:

  • There are 130 courses under one Course Category and there is over 650 students assigned to multiple different courses.
  • There are 8 different student roles which correspond to a different learning center names e.g "Atlas Student", "Falls Student" etc
  • There are 8 corresponding teacher roles for the admins at each center so they can just view the users within their center.
    E.g  "Atlas Admin" should only see user participant & profile information who have "Atlas Student" role
    E.g  "Falls Admin" should only see user participant & profile information who have "Falls Student" role

Hopefully that explains things enough but happy to share more info smile 

Average of ratings: -
In reply to David Craven

Re: How to restrict profile/course information access based on roles within Moodle Cloud (without Plugin)

by Christian Morales -
Picture of Moodle HQ Picture of MoodleCloud team
Hi David,

I understand that you've given the Admin role to the person in charge of overseeing each Learning Centre. As you can see in the article Site administrators, "site administrators have permissions to do anything (...)  the role itself cannot be edited (...) It is recommended that you don't have lots of admins on your site."
 
In this case, you may want to use Groups instead. There's a good discussion about this in the Teaching with Moodle forum: Restricting a teacher's visibility of content to only their group. It may give you a solid starting point.
 
Best regards,
Christian
Average of ratings: Useful (2)
In reply to Christian Morales

Re: How to restrict profile/course information access based on roles within Moodle Cloud (without Plugin)

by Mary Cooch -
Picture of Documentation writers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Testers Picture of Translators
Hello David. First of all you don't need different student roles - just use the generic student role and as Christian said, explore the 'Groups documentation. 

I wonder what particular 'powers' your learning centre admins need to have? Because if they just need to have the editing Teacher or even  Non-editing teacher rolein the course then look at the documentation FAQ question: How do I restrict a teacher to view only information about the groups that they are in?

Also if you need more information about roles, then there is a free Moodle Academy course: Moodle Role Management.
Average of ratings: Useful (1)
In reply to Mary Cooch

Re: How to restrict profile/course information access based on roles within Moodle Cloud (without Plugin)

by David Craven -
Thanks Mary for responding :D

Yes I used the Student archetype for each of the student roles, the reason I named them after each centre was so that I could easily identify the users easily.

I will change the archetype for Center Admins to Teacher or Non-Editing Teacher role, as I wasn't aware of the limitation of changing admin roles to have less permissions. So all the Center Admins need to be able to to do is:
- Ability to only see the user profiles who are affiliated to their centre
- Ability to only be able to add the users who are affiliated to their centre as a participant to a course
- Ability to add a new user to the system and be able to assign them the right student role
- Ability to view and change the profile information of a user assigned to their centre (just the custom fields and possibly email address)
- Ability to run reports and see only the students affiliated to their centre

I have looked into the groups but it seems you have to create groups for each course, so Groups only exist at course level so I would literally have the same 8 groups for all 130 courses which seems very cumbersome and hard to manage. I haven't been able to see any imports where I bulk import users to be in a group.
Average of ratings: -
In reply to David Craven

Re: How to restrict profile/course information access based on roles within Moodle Cloud (without Plugin)

by Mary Cooch -
Picture of Documentation writers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Testers Picture of Translators
Hello again David. To be honest I don't think you can do exactly what you want to do with standard Moodle LMS - of which MoodleCloud is an example. 
Teachers can't by default add new users to the system. Admins and those with the Manager role can do this, but it is not possible to restrict visiblity to just their centre.

How difficult is it for you or one trusted admin to do a regular upload of users from various centres via CSV? In the CSV file you can include the Group field ( and if the group is not yet made, then Moodle will create it so you don't have to. You can then use a regular Teacher or non-editing teacher role in the courses and with the permission restriction mentioned previously, they will only see the users that they are responsible for in their centre. Look at the video How can I enrol groups into my courses?

However, if you don't want to do this then to have complete restrictions of each centre,  you would have to investigate something called Multitenancy which is offered by Moodle Workplace, supported by Moodle HQ like MoodleCloud . (Another possiblity is Iomad)


Average of ratings: -
In reply to Christian Morales

Re: How to restrict profile/course information access based on roles within Moodle Cloud (without Plugin)

by David Craven -
Thanks Christian for responding!

I did try to test this using Groups but it seems very tedious that groups only exist within courses and have to be manually created and manually assigned users to them when new courses get created as well as all existing courses. My ideal feature/functionality would be that we have 8 groups system-wide and then only allow the Centre Admins/Teachers to see all use information related to the users in their group. I am assuming this could only be achieved via a plugin.
Average of ratings: -