Yes, I think that would remove the risks.
There was a related discussion in MDL-9935. The issue initially asked why Teachers can't define roles. It got the same response: "because anyone with the capability can technically create admin roles and use them, causing potential security problems." Well duh, if the system simply prevented a user from passing on more privileges than they themselves have, it would solve the problem! Then you could let everybody define roles, even Students -- why not? And you could get rid of overrides, since anything that can be done with an override can be done better with a new role. The system would also scale better. For example, suppose you want eight different Student behaviors in the same Forum? First of all you can't do this now with override, because you can only override the Student role once; that is, you can only have one behavior for all Students in a Forum. You have to ask the admin to create you eight roles, and clutter the global namespace with eight new names. A Teacher should be able to do this by defining eight local roles in the Forum context.
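The rule proposed in the post above (a user cannot pass on more privileges than they themselves hold), as an added sketch that is not part of the original discussion and is not Moodle code. The class, function and capability names are hypothetical, and the sample users and roles are constructed.

```python
# Added illustration, not Moodle code: every name below is hypothetical.
from dataclasses import dataclass, field

class EscalationError(PermissionError):
    """Raised when a definer tries to grant a capability they do not hold."""

@dataclass
class Context:
    name: str
    parent: "Context | None" = None
    roles: dict = field(default_factory=dict)        # local role name -> frozenset of caps
    assignments: dict = field(default_factory=dict)  # user -> set of local role names

def effective_caps(user, ctx):
    """Union of capabilities from roles the user holds in ctx or any ancestor."""
    caps = set()
    while ctx is not None:
        for role in ctx.assignments.get(user, ()):
            caps |= ctx.roles[role]
        ctx = ctx.parent
    return caps

def define_local_role(definer, ctx, role_name, caps):
    """Create a role scoped to ctx, refusing any capability the definer lacks there."""
    caps = frozenset(caps)
    excess = caps - effective_caps(definer, ctx)
    if excess:
        raise EscalationError(f"{definer} cannot grant: {sorted(excess)}")
    ctx.roles[role_name] = caps  # stored in the context, not in a global namespace

def assign(ctx, user, role_name):
    ctx.assignments.setdefault(user, set()).add(role_name)

def demo():
    """Constructed sample: a Teacher defines eight Student variants in one Forum."""
    course = Context("course")
    forum = Context("forum", parent=course)
    course.roles["teacher"] = frozenset({"forum:read", "forum:post", "forum:rate", "forum:delete"})
    assign(course, "tina", "teacher")
    for i in range(8):  # eight local roles, odd-numbered ones may also post
        define_local_role("tina", forum, f"student{i}", {"forum:read"} | ({"forum:post"} if i % 2 else set()))
    try:  # a capability the Teacher does not hold is rejected, not silently dropped
        define_local_role("tina", forum, "shadow_admin", {"forum:read", "site:config"})
    except EscalationError as exc:
        return forum, str(exc)
    return forum, None
```

Because the check is a subset test against the definer's own effective capabilities, it applies equally to a Student: someone holding only `forum:read` can define roles, but none that grant more than `forum:read`.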