Skip to content

Permissions

Jump to bottom Edit New page
Yannick Warnier edited this page Aug 12, 2024 · 8 revisions

Permissions and roles

Permissions

Permissions appear from version 2.0.

They allow the admin to define what roles has what permissions.

Chamilo works with a strong contextual focus on courses and the course "space", so many of the permissions you would otherwise find in a global, platform-wise setting would not apply in our context, or would make management so complex it would just repel most users.

Here is the (evolving) list of permissions for Chamilo 2:

For the sake of presentation, the roles have been abbreviated as:

  • ROLE_INVITEE = INV
  • ROLE_STUDENT = STU
  • ROLE_TEACHER = TEA
  • ROLE_ADMIN = ADM
  • ROLE_SUPER_ADMIN = SUA (very minor difference with ADM: can also login as another user)
  • ROLE_GLOBAL_ADMIN = GLO
  • ROLE_RRHH = HRM
  • ROLE_QUESTION_MANAGER = QBM
  • ROLE_SESSION_MANAGER = SSM
  • ROLE_STUDENT_BOSS = STB

In the following table, a - means no permission is granted to this role by default, and an x means permission is granted by default.

Chamilo permission code Meaning INV STU TEA ADM SUA GLO HRM QBM SSM STB
analytics:view View my own results x x x x x x x x x x
analytics:viewassigned View results of users assigned to me - - x x x x x - x x
analytics:viewall View results of all users - - - x x x - - x x
assignment:create - - x - - - - - - -
assignment:delete - - x x x x - - - -
assignment:edit - - x x x x - - - -
assignment:grade - - x - - - - - - -
assignment:submit - x - - - - - - - -
assignment:view x x x x x x x - x x
backup:backup - - x x x x - - x -
backup:copy - - x x x x - - x -
backup:restore - - x x x x - - x -
badge:configurecriteria - - - x x x - - x -
badge:create This allows a user to create and import badges - - - x x x - - x -
badge:edit Edit badges definition - - - x x x - - x -
badge:delete Delete badges - - - x x x - - x -
badge:view View badges' definition x x x x x x - - x x
calendar:create Create global calendar events - - - x x x - - -
calendar:edit (global calendar) - - - x x x - - - -
calendar:delete (global calendar) - - - x x x - - - -
catalogue:view View the courses catalogue x x x x x x x x x x
certificate:create Create a new certificate template - - x - - - - - x -
certificate:delete Delete a certificate template - - x - - - - - x -
certificate:edit Edit a certificate templace - - x - - - - - x -
certificate:generate Generate one's own certificate - x x - - - - - x -
certificate:generateall Generate all certificates in a gradebook - - x - - - x - x -
certificate:viewall View all instances of one certificate issued to all users in my context - - x - - - x - x x
class:assigncourse Assign a course to a class - - x x x x - - - -
class:assignsession Assign a session to a class - - - x x x - - x -
class:assignuser Assign a user to a class - - - x x x - - x -
class:create Manage global classes of users - - - x x x - - x -
class:delete Delete classes - - - x x x - - x -
class:edit Edit classes - - - x x x - - x -
class:view View classes - x x x x x - - x -
cms:create Create a CMS page - - - x x x - - - -
cms:delete Delete a CMS page - - - x x x - - - -
cms:edit Edit and change CMS page publication status - - - x x x - - - -
course:create Create a course space - - x x x x - - x -
course:delete Delete a course space - - x x x x - - - -
course:downloadcoursecontent Download all course content - - x x x x - - x -
course:edit Edit own course's properties - - x - - - - - x -
course:editall Edit all course's properties - - - x x x - - - -
course:editsettings Manage course settings - - x x x x - - - -
plugin:manage Enable/disable/configure plugins - - - x x x - -
quiz:create Create a quiz - - x - - - - x - -
quiz:delete - - x - - - - x - -
quiz:edit - - x - - - - x - -
quiz:grade - - x - - - - - - -
quiz:viewliveresults - - x - - - - - x -
quiz:managequestionbank - - - x x x - x - -
role:create not yet available - - - x x x - - - -
role:managepermissions Assign or remove permissions from roles - - - x x x - - - -
session:create - - - x x x - - x -
session:delete - - - x x x - - x -
session:edit Edit own session's properties - - - x x x - - x -
session:editall Edit all sessions' properties - - - x x x - - x -
session:assigncourse Assign a course to a session (to assign users, use user:assignsession) - - - x x x - - x -
site:editsettings Manage settings of the platform (if multi-URL, only the one we're admin in) - - - x x x - - - -
site:maintenanceaccess not yet implemented - - - x x x - - - -
skill:coursecompetencymanage Assign skills through course gradebooks - - x x x x x - - -
skill:usercompetencyreview Add comments on other user's acquired skills - x x x x x - - - -
skill:assign Assign a skill to a user - - - x x x - - - -
skill:create Create skills (shared b/w URLs, so only GLO can) - - - - - x - - - -
skill:delete - - - - - x - - - -
skill:edit - - - - - x - - - -
skill:view View all skills acquired by users in my context - - - x x x - - x x
skill:viewall View all skills acquired by users of the platform - - - x x x - - x -
survey:create Add a survey (global or inside own course) - - x - - - - - - -
survey:delete - - x - - - - - - -
survey:edit - - x - - - - - - -
survey:submit x x x x x x - - x x
survey:viewresults - - x - - - x - x x
ticket:comment - x x x x x x x x x
ticket:manage Manage the tickets system - - - x x x - - - -
ticket:report - x x x x x x x x x
ticket:seeissues See issue details for issues where they are involved - x x x x x - - x x
ticket:viewallissues - - - x x x - - x -
tool:editvisibility Allow setting the visibility of a tool in a course (depends on context) - - x x x x - - x -
url:manage Manage Multi-URL configuration - - - - - x - - - -
url:assignclass - - - - - x - - - -
url:assigncourse - - - - - x - - - -
url:assignuser - - - - - x - - - -
user:assignclass - - - x x x - - x -
user:assigncourse - - x x x x - - - -
user:assignsession - - - x x x - - x -
user:create - - - x x x - - - -
user:delete - - - x x x - - - -
user:edit - - - x x x - - - -
user:editrole - - - x x x - - - -
user:loginas - - - - x x - - - -

Roles

Roles are defined in config/packages/security.yaml under the array role_hierarchy. These roles are assigned through the roles field in the user table.

New roles cannot be created through the interface at the moment, but once created in security.yaml, they will appear in the permissions assignation page in the administration section of Chamilo.

This is a non-updated list of roles, from security.yaml:

    role_hierarchy:
        ROLE_STUDENT: [ROLE_USER]
        ROLE_ADMIN:
            - ROLE_USER
            - ROLE_STUDENT
            - ROLE_TEACHER
            - ROLE_QUESTION_MANAGER
            - ROLE_SESSION_MANAGER
            - ROLE_CURRENT_COURSE_TEACHER
            - ROLE_CURRENT_COURSE_SESSION_TEACHER
            - ROLE_CURRENT_COURSE_GROUP_TEACHER
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH] # Admin that can log in as another user.
        ROLE_GLOBAL_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH] # The user that installed the platform.
        ROLE_TEACHER: [ROLE_STUDENT]
        ROLE_RRHH: [ROLE_TEACHER, ROLE_ALLOWED_TO_SWITCH]
        ROLE_QUESTION_MANAGER: [ROLE_STUDENT]
        ROLE_SESSION_MANAGER: [ROLE_STUDENT, ROLE_ALLOWED_TO_SWITCH]
        ROLE_STUDENT_BOSS: [ROLE_STUDENT]
        ROLE_INVITEE: [ROLE_STUDENT]

        ROLE_CURRENT_COURSE_STUDENT: [ROLE_CURRENT_COURSE_STUDENT] # Set in the CidReqListener
        ROLE_CURRENT_COURSE_TEACHER: [ROLE_CURRENT_COURSE_TEACHER, ROLE_CURRENT_COURSE_STUDENT] # Set in the course listener
        ROLE_CURRENT_COURSE_GROUP_STUDENT: [ROLE_CURRENT_COURSE_GROUP_STUDENT] # Set in the CidReqListener
        ROLE_CURRENT_COURSE_GROUP_TEACHER: [ROLE_CURRENT_COURSE_GROUP_TEACHER, ROLE_CURRENT_COURSE_GROUP_STUDENT]
        ROLE_CURRENT_COURSE_SESSION_STUDENT: [ROLE_CURRENT_COURSE_SESSION_STUDENT]
        ROLE_CURRENT_COURSE_SESSION_TEACHER: [ROLE_CURRENT_COURSE_SESSION_STUDENT, ROLE_CURRENT_COURSE_SESSION_TEACHER]
        ROLE_ANONYMOUS: [ROLE_ANONYMOUS]

Each role is assigned permissions by default and through the permissions management panel.

Contributing

If you would like to suggest the incorporation of a new permission, please simply open a new issue and start with "Permissions: ".

On cross-LMS standardization

Given we started later to implement permissions, we tried to keep similarities with capabilities in Moodle, but after trying to understand the structure of those, we had to give up to avoid having inconsistency all over in the permissions naming. Also, sorry for people hoping for standardization, but our systems are so different and it wouldn't make sense.

In our context, some capabilities do not make sense. For example, a user should always be able to see his/her own results if the learning objects are configured to show results. An "analytics/listowninsights" doesn't seem to make much sense for us, so we don't implement it (you can say that it's "always on").

Other capabilities are added because the corresponding feature does not exist or is very different there, like the CMS feature.

Some feature are false friends: sessions are not the same in both systems, triggering poential confusion for someone trying to use the same base naming.

Add a custom footer

Chamilo LMS

Clone this wiki locally