From: moodler Date: Sun, 29 Oct 2006 08:07:16 +0000 (+0000) Subject: A small help file for permissions X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=c867a1ad089d2f9c5b948d1bea42ad8293aec9f7;p=moodle.git A small help file for permissions --- diff --git a/lang/en_utf8/help/permissions.html b/lang/en_utf8/help/permissions.html new file mode 100644 index 0000000000..147aed7a83 --- /dev/null +++ b/lang/en_utf8/help/permissions.html @@ -0,0 +1,64 @@ +

Permissions

+ +

+Permissions are the settings that you grant for specific capabilities. +

+ +

+For example, one capability is "Start new discussions" (in forums). +

+ +

+In each role, you can choose to set the permission for such a capability +to one of four values: +

+
Inherit
+
This is the default setting, generally. It's a neutral setting that + means "use whatever setting the user already had". If a role + gets assigned to someone (eg in a course) that has this permission for + a capability, then the actual permission they'll have will just be + the same as they already had at higher-level contexts (eg categories + or site level). Ultimately, if permission is never allowed at any + level, then the user will have no permission for that capability. +
+ +
Allow
+
By choosing this you are granting permission for this capability + to people who are assigned this role. This permission applies + for the context that this role gets assigned plus all "lower" + contexts. For example, if this role is a student role assigned + to a course, then students will be able to "start new discussions" + in all forums in that course, UNLESS some forum contains an + override or a new assignment with a Prevent or Prohibit value + for this capability.
+ +
Prevent
+
By choosing this you are removing permission for this capability, + even if the users with this role were allowed that permission in + a higher context.
+ +
Prohibit
+
This is rarely needed, but occasionally you might want to completely + deny permissions to a role in a way that can NOT be overridden at + any lower context. A good example of when you might need this is + when an admin wants to prohibit one person from starting new + discussions in any forum on the whole site. In this case they + can create a role with that capability set to "Prohibit" and then + assign it to that user in the site context. +
+ +
+

+ +

Conflict resolution of permissions

+ +

If two roles are assigned to a person in the same context, one with + Allow and one with Prevent, which one wins? In this case, Moodle will + look up the context tree for a "decider".

+ +

For example, a student has two roles in a course, one that allows + them to start new discussions, one that prevents them. In this case, + we check the categories and the site contexts, looking for another + defined permission to help us decide. If we don't find one, then + permission is prevented by default (the two settings cancelled each other out). +