You can customize existing or even create completely new roles. This is a powerful feature helping you to fine-tune access to parts of your Moodle. To do that, you should visit the Administration | Users | Permissions | Define roles page.
We have already explained that permissions are calculated based on all roles that a user has within a particular context. Therefore, the most appropriate approach for defining new roles should be based on all roles that a user will have in the higher context and override just a minimal subset of the capabilities.
This is best demonstrated in an example. Let us assume we manage Moodle in a school and apart from students, teachers and other faculty, staff also has course supervisors. We would like to have a set of permissions that permits these supervisors to view all of the courses without actually having to enroll into them while still be unable to modify anything.
We can accomplish this by creating a new role called supervisor. On the Define roles page click on the Add a new role button.
Fill in the basic data as shown in the following screenshot:
You can see that all capabilities have permission configured to not set. This means that it will not affect the permissions of any existing role. The permission that handles whether a user can see a course or not is called view course. Find it in the list of capabilities and click on Allow. Finish the process by clicking on the Add a new role button.
In order to use this role we should assign it on the system level (visit the Administration | Users | Permissions | Assign system roles page) or in case we group courses in several categories, then assign the role in category context. If we want the students to not see the people with this role listed in their course, we should do hidden role assignment. These assignments are only visible to administrators and teachers. On the role assignment page in a course and click on the hidden checkbox (highlighted in the following screenshot).
If we now try to access any course with this user account, the role table would look like this:
|
User |
Context |
Role |
Capability |
Permission |
|---|---|---|---|---|
|
Stan Lee |
System |
Authenticated user |
course_view |
not set |
|
|
|
Educational supervisor |
course_view |
allow |
|
|
User |
|
|
|
|
|
Course category |
|
|
|
|
|
Course 1 |
|
|
|
The sum of non-set and allow permission is equal to 1 and it implies that user with role supervisor can enter the course.
The process of overriding existing roles is added to Moodle for cases where we need to slightly modify the existing role only in one context and leave it unchanged in all of the rest. Have in mind that by default only Administrators can modify and create roles. To demonstrate this we will modify the student role within forum context of a course. Go to the course where the forum resides. Click on the Turn editing on button and then on the update icon.
Now on the forum page, click on the Override permissions tab:
We click on the role we plan on changing and modify the capabilities we want to disable or enable. In this case it would be the student role.
As you can see in the previous screenshot we have highlighted two capabilities:
We mark the two capabilities enabled by clicking on the second column checkbox and et voila! Our change is done. So when a user logs in next time he would be able to rate the forum posts.
The number of capabilities displayed in the override screen depends on the context in which we perform the change. The system only displays capabilities that can be applied to that context.