I just realised that a user can have multiple roles in a course - he was supposed to be a tutor but was also a student. Now, I had overwritten the student role for a forum, which worked fine, but him being a tutor was ignored on that forum i.e. he was treated as a student by moodle.
Now, what is the benefit of allowing multiple roles per user in a course? How does moodle evalute the permissions when this happens? (the more restrictive role, for example?)
The roles system is designed to handle multiple roles. Basic resolving at the same context level (say a student role and teacher role assigned to a user in a course) are resolved by summing sum the permissions (inherit = 0, allow = 1, prevent = -1, prohibit = -1000). So when you have both a student role and a teacher's role in a course, your overall capabilities will be that of a teacher. There are many advantages of that, for example if you have a student role and a moderator role assigned at the same course, you will have the ability to moderate forums.
However, capabilities assigned at a lower context level will always override a higher context level, for instance if you have a student role assigned in the course, and a forum moderator role assigned at a forum, and the moderator role has some capabilities that conflicts with your basic student role in the course, your forum moderator role would win. The only exception is if you set anything to prohibit in a higher context, it will get passed down to lower contexts. The basic calculation is
c1 * 100 + c2,
c1 being the contextlevel in which you are assigned a role, c2 being the contextlevel where you have an override for that role. In your case, you have an override for student in a forum, it would work out to be 50*100+70 = 5070. You teacher role would have a sum of 50* 100 = 5000, so the capability of student override, being 5070, will win.
You can either
1) remove him from student role in the course, or
2) add overrides for teacher's role in the forum, or
3) assign him a teacher's role in the forum (gives you a level of 70*100 = 7000)
thank you very much for this very clear and instructive answer. I am almost understanding this now
There is no point in assigning both the roles of teacher and student in the course context, however you could assign the role of student in the course context and assign the role of teacher in a module context. For example, you could give a student forum moderator abilities by assigning them the role of teacher in the forum.
Thanks so much for your reply! I know it sounds crazy to make someone both a student and a teacher in a course. My idea was, as a way of getting our teachers to starting working in the Moodle system, to create a class in which they would each create resources in which they would talk about themselves (say a little about their background, interests, whatever) and also create an "assignment" or quiz or something that other teachers would take. Perhaps there is another way to do this other than making them all both teachers and students? Thanks for any help.
Thanks for explaining why you want to assign both the roles of student and teacher in the course context. As I understand it, this will enable users to do everything that is allowed for students and everything that is allowed for teachers. However, it may result in teachers being confused.
Instead, perhaps you could set up two demo courses, one where teachers are assigned the role of teacher and one where teachers are assigned the role of student. You could also suggest to teachers that they try using the "Switch role to..." feature (at the top of the course page) for checking how things look as a student.
Any thoughts? My experience has been two different roles for one person within the same context just often leads to confusion and problems...
I will, of course, bow to someone who has superior experience & knowledge.
I need to have access as both since I work for a hospital and we use Moodle as our e-learning site. I create the content, but also need to be "tested" in it for JACO purposes. But, when I try to take the quizzes, no grade shows for me. How do I get the grade to show up and not have to manually input it each time?
We are having the same problem here. We have site-wide Managers who manage students in other courses, but in one particular course, they are enrolled as students. However, none of the quizzing/grading is being recorded because of their Manager role
It seems to me like I should just be able to remove their Manager enrollment for just this course in the Enroll User interface, but this is not an option.
I'm still waiting to find a definitive answer to this, but so far all I've seen is the suggestion that the Manager should just have a separate student account where they do all their personal training.
Does anyone have any guidance on this? Moodle 2.1
If a role is site-wide, removing it for one course would suddenly make it "not-site-wide" and it seems like Moodle has been designed very carefully to avoid that kind of problem.
I would agree with the other advice you've found that the best (and simplest) course of action for your particular situation is to create a separate account for administrative-type things that require site-wide access. From an organizational/accountability/security standpoint, it's better to have as clear a separation as possible between administration and simple usage.
Thanks Glenn, for the confirmation, and the advice.
The other solution that would work is: Alter the permissions on the Manager role in this one course/quiz, to remove the mod/quiz:preview capability. However, a separate log-in is probably simpler.
We want any logged in user to have read only access to any course. This helps with making course selections. Once enrolled on the course a user can participate fully (95% of our enrolments are via our student record system using the external database enrolment plugin). However there are some courses that should not be available even on a read only basis to logged in users, and some courses that should not be available unless you self enrol using an enrolment key.
To try and achieve this I have:
Set the moodle/course:view capability for the Authenticated User to Allow
Set the defaultuserroleid user policy to Authenticated User so anyone who logs in should have this role across the system.
This works OK, anyone who logs in can view any course but can't participate unless they are enrolled and therefore have the student role in the course context. The problem comes when trying to prevent access to the few courses that need to be closed.
I tried setting an override in these courses so that the moodle/course:view was set to prevent for the Authenticated user. The problem with this is this then prevents anyone viewing the course even if they are assigned the student role or tutor role in this context (roles that have moodle/course:view set to Allow). i.e. a logged in user wasn't able to view the course (which is what I wanted to achieve), but when I logged in as a test user who was enrolled on the course then this user was also prevented from viewing the course. Presumably this is because they also have the Authenticated user role by default and so the override I set in the course context was negating the capabilities of the student role assigned in this context.
Is my understanding of what is going on correct? Can anyone think of a way around this?
Thanks for your help.
- For courses anyone can see, set Guest access = allow guests without the key
- For restricted courses, set Guest access = do not allow guests in
Yes this is the simplest solution but is unfortunately a bit too simple for our needs. We use the guest access settings to control whether visitors from outisde the college can see courses or not. This allows tutors to decide if external users can see courses or not. We wanted to use the authenticated user role to provide view access to all courses by default for any logged in user. We want to differentiate between two types of 'guest' in a course - those genuinely from outside the college, and those at the college but who aren't enrolled on the course. This latter group we want to give more privileges to than guests.
Did you find a way through this? In my experimenting I find that a course open to guest access will allow authenticated users to see it without enrolling but if guest access is not allowed then authenticated users are prompted to enrol when they try to access the course.
I would like some courses to allow access to authenticated users but not to guests and I cannot work out how to achieve this.
To prevent Guests, choose "Do not allow guests" in your course settings. Given the default role definitions, an Authenticated User can only enter the course by enrolling. By enrolling, the user acquires the additional role of Student in the course. But you already know that. I have a feeling you'd like the Authenticated user to be able to view the course (much like a Guest) WITHOUT enrolling.
You could override Authenticated user globally, giving it the same permissions as Guest (i.e., allow to view blogs, assignments, quiz information, etc.), but you would be opening all courses to Authenticated users, not just to selected ones.
If you override Authenticated user in a Category context, giving Guest-like permissions, then Authenticated users will be able to enter all courses in the category without enrolling, or at least I think it should work that way. It's worth an experiment.
Thank you for this. I will give it a try and report back. One of my earlier attempts to give authenticated users access to courses ended up with all logged in users seeing all visible courses in their My Moodle page! Needless to say I undid this.
The problem we have is that we want users to be able to see what is going on in other courses but it gets very confusing for the course team if they have enrolments from users who are not their students.
In our situation we use Moodle to give everyone a chance to review certain material regularly and using assessments can be sure that everyone is up to speed. But everyone needs a score even the admin and course creator.
Taking the course no score is recorded and a zero remains in the grades list for the admin. . .