Roles FAQ

What is the definition of a…

Capability

A configurable aspect of program behavior. LMS has 100s of capabilities. Each capability has a computer friendly name like mod/forum:rate and a human-friendly name like “Rate posts.”

Permission

Permissions are paired with each capability. There are four possible permission values: Allow, Prevent, Prohibit and Not set/Inherit. (It is called not-set when defining roles and inherit when overriding permissions.)

Role

A named set of permissions that are associated with each capability. For example. the “Teacher” and “Student” roles come with the standard LMS install.

Context

A functional area of LMS. Contexts have a hierarchy. Examples of contexts include a course, activity module, or resource.

Why isn’t my role change taking effect?

Certain capabilities e.g. lms/user:changeownpassword may only be applied in the system context, so giving such permissions by assigning a role in the course context will have no effect.

Why do some users I know are in my course not appear in Participants?

Users assigned roles in a higher context, for example, users assigned the role of the teacher in the course category are technically not enrolled in the course and so will not appear in the Participants link in the Navigation block but can be found via Course administration > Users > Other users.

How can I prevent a user from changing their own password?

Using Roles

To prevent a user from changing their own password, you must make sure they do not have lms/user:changeownpassword = Allow in the System context. The Authenticated user role (which is assigned to users in the System context) has lms/user:changeownpassword = Allow by default, so you have two choices:

1. Edit Authenticated user, setting lms/user:changeownpassword = Not set
2. Create a new role CannotChangeOwnPassword with lms/user:changeownpassword = Prevent and all other permissions Not set. Choose “system” for the context type and assign the role to selected users in the System context via Settings > Users -> Permissions -> Assign system roles).

Choice (1) will prevent all users from changing their passwords (except for the administrator, who can do anything). To selectively allow selected users (say instructors) to change their passwords, you could create a new role CanChangeOwnPassword with lms/user:changeownpassword = Allow and all other permissions not set and assign the role to selected users in the System context (Site administration -> Users -> Permissions -> Assign system roles).

Choice (2) allows you to be selective, but if you have a lot of users that you want to prevent (say, all students), you will have to make a lot of role assignments in the System context. There is currently no convenient way to do this, so you might consider choice (1).

Note that you MUST deal with this permission in the System context.

Alternative solution

Go to Settings > Plugins > Manage authentication plugins. Find the ‘forgottenpasswordurl’ setting and point it to a static HTML page on your server (or even an LMS Page resource on the front page). Explain your password policy on that page. This stops users changing passwords. This applies to ALL users, however, so admins will need to fix any lost passwords for the whole site.

How can I prevent a user from editing their own profile?

See How can I prevent a user from changing their own password? The answer to this question is the same if you substitute edit their own profile for change their own password and lms/user:editownprofile for lms/user:changeownpassword.

How can I allow a “test” Student user to see courses that are hidden?

Having a test user to try out courses before you open them to regular users is useful. But if the course is hidden, then the enrolled test student will not be able to see it. The solution to this problem, if you do not wish to make the hidden course visible yet, is to create a Student tester role, a clone of the default Student role and then set the ability to see hidden courses to Allow.

• Create a new role in Settings > Users > Permissions > Define roles > Add a new role, then for Use role or archetype choose ARCHETYPE: Student (or Student if you have customized the default Student role already)
• Give the role a new shortname and full name as appropriate, e.g. student tester, Student Tester
• Change the ‘View hidden courses’ course:viewhiddencourses capability from Not Set to Allow
• Click the ‘Create this role button’

Now enroll your test student in the course using this new role instead of the Student role, and they will be able to see and work in the course as a normal user even when the course is hidden. They will not be able to see other hidden courses in which they are not enrolled.

How do I change the name for “teacher” in the course description?

Either

• Edit the role of Teacher via Settings > Users > Permissions > Define roles and rename it. The new name will apply site-wide.

Or

• Create a duplicate teacher role with an alternative name and assign users the duplicate teacher role as appropriate in the course context. In Site administration > Appearance > Course contact selects the alternative name for an instructor that you wish to be displayed in the course description when courses are listed. For example, copy the standard teacher role and call it Instructor and only show that role as the course contact.

Or

• Create a new “dummy” role (no capabilities) with those names and assign them to instructors along with the real roles. select the alternative name for an instructor that you wish to be displayed in the course description when courses are listed. For example, copy the guest role, call it Lead Teacher and make this the course contact. You may have 5 instructors in the course but only one name will appear as Lead Teacher. If nobody is assigned the role Lead Teacher, no course contact will show.

Or

• Names for different roles in a course may be changed in the Course administration > edit settings “Role renaming” fields. For example, some courses the instructor wants the title “Professor”, or “Chief” or “Mentor”.

Or

• Edit the language files and change any word you want.

How do I enable instructors to set role overrides?

1. Access Site administration > Users > Permissions > Define roles.
2. Edit the teacher role and change the capability lms/role:safeoverride to allow.
3. Click the button “Save changes”.
4. Click the tab “Allow role overrides” (in Settings > > Users > Permissions > Define roles).
5. Check the appropriate box(s) in the instructor row to set which role(s) instructors can override. Most likely it will just be the student role (you don’t want instructors to be able to override admins!), so check the box where the instructor row intersects with the student column.
6. Click the button “Save changes”.

How do I enable instructors to assign other instructors in a course?

This is disabled by default but it can be switched on by modifying the teacher’s role. In Settings > Users > Permissions > Define roles select the “Allow role assignments” tab and tick the checkbox where Teacher and Teacher intersect.

Why doesn’t “Switch role to..” within a course seem to work properly?

This feature is intended for instructors so that they can see how their course appears for users. It isn’t a reliable view, however, as some features do not display correctly when viewed by an instructor who has switched their role to a student. Certain actions (specifically submitting assignments) are excluded from working with ‘switch roles’ (as the submitted work would not be visible on the grading pages, due to the user not having the ‘submit’ permission when they have not switched roles). For that reason, it is always preferable where possible to have a “test” student log in to use.

How can I allow a non-editing teacher to “switch role to ” a student?

1. In Settings > Users > Permissions > Define roles, edit the non-editing teacher role and set the capability “lms/role:switchroles” to “allow”. This will then allow them to switch their role to a student or a guest (as defined on the Allow role switches screen.)

I accidentally deleted a default role. How do I get it back?

1. Go to Settings > Users > Permissions > Define roles and click the ‘Add a new role’ button
2. Select the role e.g. Teacher to use
3. Click continue
4. Fill in the short name and custom full name
5. Click the ‘Create this role’ button

Are there any example roles?

Yes. See the current list.

How do I enable logged-in users to participate in front page activities?

Either:

1. Go to Settings > Users > Permissions > Define roles and edit the ‘Authenticated user on frontpage’ role
2. Allow capabilities for the front page activities
3. Click the ‘Save changes’ button

Or:

1. Go to Settings > Site administration > Front Page > Front Page settings
2. Set the default front page role to student
3. Click the ‘Save changes’ button

How can I prevent users from editing their profile?

If you only want users to be prevented from editing their profile, and not all users, you can create a new role, such as Restricted user as described in the Demo teacher role, with lms/user:editownprofile set to prevent, and assign it to all users in the system context.

Alternatively, you could change lms/user:editownprofile to not set for the Authenticated user role, then create a new role for instructors with lms/user:editownprofile set to allow.

Why can’t I add instructors or users site-wide in LMS?

You can, however, instructors and users typically work in one or more individual courses. It is unusual for a user to be studying every single course on your LMS and unusual for an instructor to be teaching every single course. Therefore, the default LMS does not use these as system-wide roles. The Manager role might be one that makes sense to assign on a system or category context.

To assign an instructor or user site-wide

1. Go to Site administration > Users > Permissions > Define roles and edit the role to include the system context.
2. Then search for and allow the capability lms/course:view
3. Then assign users to this role via Settings >Users>Permissions>Assign system roles

It might be preferable to create a new role based on the instructor or user and assign this in the System context. Then assign individuals to that role.

Why isn’t my custom role listed as an available role for assigning?

When adding/editing a custom role, be sure to pick one or more context types where the role may be assigned.

How can I set a role back to default?

1. Go to Settings > Users > Permissions > Define roles and click on the name of the role
2. Click the Reset button
3. Select items for reset as desired
4. Click the continue button.

Permissions don’t seem to be working correctly. What can I do?

It is recommended that permissions for each role are reviewed and set according to the role archetype.

1. Go to Settings > Users > Permissions > Define roles and click the edit icon opposite a role
2. Click the ‘Show advanced’ button to reveal the different permission settings
3. Review permissions (filtering for particular permissions as appropriate) and, unless there is a good reason to do otherwise, change permissions so that all are set to the highlighted value
4. Click the ‘Save changes’ button
5. Repeat steps 1 to 4 for each role

Is there a role that can be safely used for a government inspector/supervisor?

The SEPE role is used for a (Spanish) government supervisor who can access all LMS courses without being able to change anything. It can be used in any other country/ language.