
What are user roles?

A role is a collection of permissions that you can assign to specific users in specific contexts. The role is available site-wide and can be assigned to a user at site, category, course and activity level. 
  
For example, you may have a role called 'Trainer' set up to allow trainers to do certain things (and not others). Once this role exists, you can assign it to someone in a course to make them a 'Trainer' for that course. You could also assign the role to a user in the course category to make them a 'Trainer' for all the courses under that category, or assign the role to a user in a single forum, giving that user those capabilities in that forum only.
  
A role must have a name. If you need to name the role for multiple languages, you can use multilang syntax, for example:
  
<span lang="en">Trainer</span> 
<span lang="es_es">Manager</span> 
  
If you do this, make sure the "filter strings" setting is switched on for your installation.
  
The 'Shortname' is required for Totara plugins that refer to your roles, e.g. when bulk uploading users.
The 'Description' is used to describe the role, so all site administrators have a common understanding of the role.
Note that you can base your new role on an existing one (a legacy role).

 

Defining User Roles

The 'Define roles' page has three tabs: Manage roles, Allow role assignments and Allow role overrides. 
  
The 'Manage roles' tab contains a list of roles on your site. The Edit column contains icons for editing and deleting roles, and for moving them up or down in the list (affecting the way that roles are listed around Totara). Below the table is an 'Add a new role' button.
  
If you wish to modify the capabilities for a particular role, you can do so by editing the role.
For example, you may want to allow trainees to unenrol themselves from a course when using internal enrolment.

Permissions

You have three permission levels for each task: 
  
Allow: The capability is granted to the role in the context where the role is assigned.
  
Prevent: By choosing this you are removing permission for this capability, even if the users with this role were allowed that permission in a higher context. 
  
Prohibit: This is rarely needed, but occasionally you might want to completely deny permissions to a role in a way that cannot be overridden at any lower context. A good example of when you might need this is when an admin wants to prohibit one person from starting new discussions in any forum on the whole site. In this case they can create a role with that capability set to 'Prohibit' and then assign it to that user in the site context.
  
Allow role assignments: This defines what roles each of the roles listed can allocate to users in the site. 
  
Allow role overrides: This defines what role permissions can be overridden by the roles on the left.
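
The Allow, Prevent and Prohibit rules above, modelled as a short added example (not Totara's own code). The role names, context names and sample data are constructed, and the way several roles combine for one user (a Prevent in one role does not block an Allow from another, while a Prohibit blocks everything) is an assumption of this model.

```python
# Simplified model of the Allow / Prevent / Prohibit rules described above.
# Added illustration, not Totara code; roles, contexts and data are constructed.
ALLOW, PREVENT, PROHIBIT = "allow", "prevent", "prohibit"

def role_permission(settings, role, capability, path):
    """Resolve one role's permission along a context path (site first).

    settings maps (role, context) -> {capability: permission}; the entry for
    "site" stands for the role definition, lower contexts hold overrides.
    """
    result = None
    for context in path:
        perm = settings.get((role, context), {}).get(capability)
        if perm == PROHIBIT:
            return PROHIBIT          # cannot be overridden at a lower context
        if perm is not None:
            result = perm            # the more specific context wins
    return result

def has_capability(settings, assignments, user, capability, path):
    """True if the user may use the capability in the last context of path."""
    # Only roles assigned at a context on the path apply (assumption of the model).
    roles = [r for (u, r, ctx) in assignments if u == user and ctx in path]
    resolved = [role_permission(settings, r, capability, path) for r in roles]
    if PROHIBIT in resolved:
        return False                 # one Prohibit beats every Allow
    return ALLOW in resolved

# Constructed sample data
CAP = "mod/forum:startdiscussion"    # sample capability name
SETTINGS = {
    ("trainee", "site"): {CAP: ALLOW},
    ("trainee", "forum:9"): {CAP: PREVENT},      # override in a single forum
    ("nodiscussions", "site"): {CAP: PROHIBIT},
    ("trainer", "site"): {CAP: ALLOW},
}
ASSIGNMENTS = [
    ("alice", "trainee", "course:5"),
    ("bob", "trainee", "course:5"),
    ("bob", "nodiscussions", "site"),            # the site-wide Prohibit role
    ("carol", "trainee", "course:5"),
    ("carol", "trainer", "forum:9"),
]
FORUM_8 = ["site", "category:1", "course:5", "forum:8"]
FORUM_9 = ["site", "category:1", "course:5", "forum:9"]
```

When reviewing a site, a check like `has_capability(SETTINGS, ASSIGNMENTS, "bob", CAP, FORUM_8)` shows why Prohibit is the only setting that holds no matter which other roles or overrides a user picks up lower down.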

Edit a role

  1. Select 'Permissions' and click 'Define roles' on the Site Administration menu.
  2. Click the 'Edit' icon opposite the role you want to edit.
  3. On the 'Edit roles' page, change permissions as required.
  4. Click the 'Save changes' button.
In some circumstances it may be easier to create a new role rather than editing an existing one.

Add a new role

  1. Select 'Permissions' and click 'Define roles' on the Site Administration menu.
  2. Click 'Add a new role' on the 'Manage Roles' page.
  3. On the 'Add a new role' page, give the role a name.
  4. Give the role a meaningful short name. The short name is necessary for Totara plugins that refer to the system roles.
  5. Give the role a description (optional).
  6. You can base a new role on the permissions set for an existing role, so that you do not start from scratch. Select from the Legacy role type option to do this.
  7. Set the required permissions.
  8. Click 'Add a new role' to save your new role.

Test the new role

  1. Create a test user and assign the new role to them.
  2. Either log out as the administrator and then log in as the test user, or use a different browser to log in as the test user. Role changes only take effect when the user next logs in.

Allow role assignment

The 'Allow role assignments' tab allows you to define which roles a user can assign to other users, based on their own assigned role.
Using the grid, you can allow people who have the roles on the left side to assign some of the column roles to other people.

 

  1. Select 'Permissions' and click 'Define roles' on the Site Administration menu.
  2. Click the 'Allow role assignments' tab.
  3. Find the role you wish to set role assignment permissions for.
  4. Click the check box for the roles they are allowed to assign.
  5. Click 'Save changes'.

Allow role overrides

The 'Allow role overrides' tab allows you to define which roles can be overridden by a specific role.
  
Using the grid, you can allow people who have the roles on the left-hand side to set overrides for other system roles.
Note that these settings only apply to users who have either the capability moodle/role:override or the capability moodle/role:safeoverride allowed.

  1. Select 'Permissions' and click 'Define roles' on the Site Administration menu.
  2. Click the 'Allow role overrides' tab.
  3. Find the role you wish to set role override permissions for.
  4. Click the check box for the roles they are allowed to set role overrides for.
  5. On the 'Edit roles' page, change the 'Override permissions for others' capability to 'Allow'.
  6. Click 'Save changes'.

 

 

 

 
