I am Jaswant, I want to create an another admin account who have some limited rights (like user related rights) that is he can add a new user or can upload users from a text file. Can anybody please help me so that I can continue with my work.
- Site Administration -> Users -> Permissions -> Define roles
- at bottom of page, press "Add a new role" button
- Name: LittleAdmin
- select "LEGACY ROLE Administrator" from the Legacy role type dropdown list
- go down the list of capabilities and click prevent for those you want to deny to the LittleAdmin
- Site Administration -> Users -> Permissions -> Assign global roles
- click LittleAdmin
- Add the designated user's name from the right box to the left box using the arrow button
Please note that selecting a legacy role type in 1.8 does NOT provide a new role with all capabilities of a pre-Moodle 1.7 role. The drop-down menu is due a help pop-up, but in the meantime, please check the information about legacy role types here: docs.moodle.org/en/Manage_roles.
In Moodle 1.8 onwards, a new role based on a predefined role may be quickly created using the "Duplicate role" button.
So the correct advice for this discussion would have been to duplicate the predefined role Administrator, then selectively override.
Actually I have older version 1.6 of moodle, So I havn't seen these type of options.
- LittleAdmin should be able to browse freely and unnoticeably through all sites to provide support, but should be limited in some settings (like course creation, login as others, etc).
If I leave capability "Allowed to do everything" at Allow, then that person will still be able to do anything, regardless of the rest of the settings.
If I put "Allowed to do everything" to Not Set, then it forces LittleAdmin to self-enroll into the sites, which I need to avoid.
I have created a very limited helpdesk role. HelpDesk manages password resets and nothing else.
This is what I did.
- Created a user for the helpdesk (the same helpdesk account is used by all 5 staff)
- Created a helpdesk role.
- Assigned the helpdesk role globally
List of Permissions
Everything apart from thefollowing is Prohibited
Allowed to doeverythingmoodle/site:doanything
Access all groupsmoodle/site:accessallgroups
Always see full names of usersmoodle/site:viewfullnames
Update user profilesmoodle/user:update
View user profilesmoodle/user:viewdetails
View hidden details of usersmoodle/user:viewhiddendetails
Assign roles to usersmoodle/role:assign
Override permissions for othersmoodle/role:override
Edit user profilemoodle/user:editprofile
See all user postsmoodle/user:readuserposts
See all user blogsmoodle/user:readuserblogs
See user activity reportsmoodle/user:viewuseractivitiesreport
The hardest bit was finding out how to Search / Browser List of Users.
- As admin, logon as a helpdesk
- Click on any recent online user
- Edit profile (you won't be changing anything)
- Update profile
- In the admin bookmarks, "bookmark this page"
Browserlist of users is now on the front page of Moodle for HelpDesk user.
If anyone can think of improvements to this, please let me know.
If you would like the PowerPoint instructions that I have given to our helpdesk, please email me and I will email these to you. They are 300 kb (limit here is 100).
Flexible Learning Systems Support
E : James.Oxnam@nmit.ac.nz
W : www.nmit.ac.nz/FLiT
I was just re-reading this discussion and noticed your post. I was wondering exactly how your Help Desk is used. Help desks normally have read access to a site for the purposes of trouble shooting. Yours seems to focus on user accounts. Maybe this is something like first tier support for users who are having trouble logging in, need their passwords reset, etc.? I'd like to know more about how you use it, and particularly how you use the role assignment and role override capabilities.
You are right.
The only trouble shooting our help desk does at this stage is password changes. Hopefully, we will move to a universal password -- library, email AD and moodle by the end of the year. If so, I can get rid of this role.
At this stage i have not used "role and role override capabilities" for anything else apart from this mini admin helpdesk role.
I am using moodle 1.8.2, i create a role using the steps you describe and set "allow" to "course:view" capability.
One thing i am trying to avoid is to be listed on the participants list of the courses i do enter in a course, can it be done ? how it can be done ?
Thank´s in advance.
I check the hiddenassign box before assign the global role.
I also change the viewhiddenassign capability for teacher role, my helpdesk user will not change any course configuration, but we need a helpdesk role that can navigate a course and watch for logs.
Now helpdesk role is invisible in the list of participants for students and teachers.
The instructions you've given sounds very useful. I would like to try this but I need guideline from your PowerPoint if possible. My email is firstname.lastname@example.org thanks so much.
Pramuan Ng. Thaniland
I am more than happy to send you the power point.
Just to be clear. These are instructions for our help desk staff on how to change passwords.
Not how to set up the permissions in the first place, which what I think you want.
I will send these when I get to work tomorrow.