M25 - Roles and Permissions

Keywords:  permission, access, editing, moderating, view, edit, role, grant, demote, actions, activities, resource, activity

What is it?

Permissions

Permissions provide a way of tweaking which roles (e.g. Student, Tutor, Non-Editing Tutor) can do which actions (e.g. view submissions, view names, grade submissions, edit settings) on which elements (e.g. submissions, feedback).

You can edit Permissions within the settings of a particular activity or resource.

Roles

A role is a collection of permissions that is used to grant particular access to specific users in specific contexts. The combination of roles and context defines a specific user's ability to do something on any page. The most common examples are the roles of student and tutor in the context of a course e.g. a student does not have permission to edit a course or grade work, but a tutor does.

UCL Moodle contains the following roles.

Participant roles:

  • Students: who are currently enrolled in a course. They can view course content, participate in activities, submit coursework and view their own grades. The permissions are identical to the Participant role but with an alternative name.
  • Participants: are those from voluntary membership clubs, networks, non-academic Moodle courses or past students. The permissions are identical to the Student role but with an alternative name.
  • Guests: do not need to log in to UCL Moodle to access courses that have been made available to guests, either with an enrolment key (password) or without one. They have minimal privileges, including not being able to see participants' lists or user profiles. They have read-only access and cannot participate in any activities.

Teaching roles:

  • Tutors: are academic staff who require edit access and are the default teaching role. They can do anything within a course, including enrolling students, editing content, adding activities and grading students. The permissions are identical to the Course Administrator role but with an alternative name.
  • Non-editing tutors: are academic staff, external examiners and Teaching Assistants who can grade student work but DO NOT require edit access . They can teach in courses and grade students, but may not edit content or alter activities. 
  • Non-editing Tutor (no emails): are academic staff, external examiners and Teaching Assistants who can grade student work but DO NOT require edit access. However, this role also has the addition of not receiving any emails from the course either. All notifications, except messages, are disabled ONLY at the category level.

Course editor roles:

  • Course Administrators: are non-academic staff who require edit access. They can do anything within a course, including enrolling students, editing content, adding activities and grading students. The permissions are identical to the tutor role but with an alternative name.
  • Course Administrator (no email): are non-academic staff who require edit access, ONLY at the category level, without being inundated by emails. They can do anything within a course, including enrolling students, editing content, adding activities and grading students. This role is identical to the course administrator (and tutor) roles, except that emails won't be sent from forums, assignments etc.
  • Tutors: (see 'Teaching roles' section).
  • Leaders : are staff leading on a module or programme. They can do anything within a course, including enrolling students, editing content, adding activities and grading students. This role is identical to the Course Administrator role but with an alternative name. Used for academic staff who require edit access.
  • Student Connected Learning Assistant: can also be used for Student content developers and/or Interns. The role can add/edit Moodle section content, with the exception of Moodle Quizzes, Turnitin assignments, Moodle assignments and Grades, which this role is unable to view.

Reviewer roles:

  • External Examiner: the role can only be assigned at the course level and enables the External Examiner to look at all activities in a course without receiving any notifications for forum posts, assignment submissions and so on.
  • Student Auditor: has access to everything on the course but is not able to submit assignments, post to forums, see quizzes and so on. They have access to content for all the groups, but at the same time, they do not show up in activity and completion reports.
  • Staff Observer: This role may be suitable for staff such as those in the Library, Digital Education or Arena. They have read-only access, they can view courses, including hidden courses and activities, but may not grade students, edit content or alter activities. 
  • SSW (Student Support & Wellbeing) Supporter: For staff who require access in order to support students with accessibility issues/SORAS. This role is functionally similar to the student role. This role does NOT have editing permissions. The role does not show up in Moodle course level reporting or as a course participant. The role can be assigned at the course level and if appropriate at category level to allow support workers access to courses without having to request this from local course admin/tutors. Note: Digital Education does not manage the creation of UCL computer accounts for these staff, this is usually handled by SSW via the services system.

Support staff roles: These roles are mainly at the category or site level.

  • Service Desk Administrators :  are members of the UCL ISD Service Desk team, who support UCL staff and students to use UCL Moodle. They can create courses and update user profile details (e.g. names).
  • Digital Education Administrators: have site level access to all courses and can upload resources, but can't alter site settings.
  • Accessibility Assistants: are student assistants working under the oversight of Digital Education to assist staff in making accessibility improvements to Moodle documents and content.
  • MyFeedback Departmental Administrator: enables departmental administrators to access students' assessment MyFeedback report for an entire faculty or department.
  • Category Observers: can view courses, including hidden courses and activities, but may not grade students, edit content or alter activities. This role may be suitable for staff such as those in the Library, Digital Education or Arena.

Why use it?

Consider the Restrict Access settings of the resource or activity first. If those don't achieve what you need because, for example,

  • you want students to see all submissions to a workshop activity, rather than just their allocation.
  • you want students to be able to view all submissions to an assignment, rather than just their own.

then turn to Permissions.

Who can use it?

Anyone with an editing role in that Moodle space, such as tutor and course administrator.

Before I start...

Changing permissions on a role, or activity in your course can have far-reaching implications, so you'll need to test this carefully the first time around as follows:

How do I change permissions?

  1. In your Moodle space (if you're new to this, use a test space as mentioned above), turn on the edit toggle; controls display.
  2. Locate the activity or resource you wish to change permissions for.
  3. Next to the chosen item, you'll find an options menu represented by three dots. Click on the three dots.
  4. From the dropdown menu, select 'Edit settings'.
  5. In the toolbar at the top of the page you will find an option menu, click More.
  6. On the drop down menu that appears select 'Permissions'
  7. Note that the permissions vary between the different activities and resources.
  8. In the capability column, find the required permission title.
  9. In its corresponding risks column, check the risks before changing the permissions.
  10. In its corresponding roles with permission column, add roles using the + (Plus) icon, and remove any roles you have permission to remove using the x (Remove) icon.
  11. Test by giving your student test accounts the role(s) affected, logging in as them, and checking you have the intended level of access. Go through the activity carefully using different roles and check everything is in order.
  12. If you are not satisfied with the outcome, return to the Permissions, make refinements, and carry out test again to make sure you have selected the appropiate settings. 
  13. Finally, apply these new permissions to the relevant elements on your live Moodle space.


Further help

Further guidance on Roles and Permissions is available from Moodle Docs.

If you find any inaccurate or missing information you can even update this yourself (it's a communal wiki).

If you have a specific question about the tool please contact the Digital Education team.

Caution

  • As mentioned above, do test carefully on a test Moodle space with test users in different roles.
  • Use Permissions only if restrict access in the Settings of the activity or resource does not do what you need.
  • If your Moodle space has multiple editors, liaise carefully with them about this. It may be helpful to keep a hidden page where you inform each other of these kinds of changes, titled 'Moodle space configuration' or something meaningful to you all.

Examples and case studies

The UCL Arena Teaching Associates Programme has a Workshop activity where participants submit draft fellowship case studies and give and receive peer feedback. After peers have given each other feedback, once they all give their permission, the Workshop permissions are changed so that all participants can browse all submissions and all feedback.

Questions & Answers

Q. How do I get a general idea of what a Moodle course looks like for a particular role, e.g. a student?

A. In Moodle click on your name in the top right corner of the screen and select Switch role to... in the drop-down menu. Then choose the type of role you would like to simulate. Your logged in information, in the top-right of the Moodle page will change to reflect this simulated role. 

Note , this does not accurately reflect all aspects of the role's permissions, but gives you a rough idea of what users in that role can see and do. If you need to test what users in particular groups can see or need more exact testing, then please set up Moodle Student Test accounts instead.

Further roles FAQs are available on Moodle Docs.

Further information

See also: