Moodle Roles Explained

An explanation of Moodle roles, when you may create new roles and how to allow for role overrides.

What are Roles?

Moodle roles facilitate controlling what a user can and cannot do within Moodle and within Moodle courses. Starting in version 1.7, Moodle administrators have the ability edit the permissions and capabilities of roles and create new roles. This can be powerful, but can add complexity to your Moodle installation that can sometimes cause problems with add-ons and upgrades. It is important to keep track of every change that you make so that you can troubleshoot when problems arise.

When Moodle is installed, it comes with seven standard roles that are configured to give users permission to do different things in different contexts. Student and teacher are the most commonly used roles.

  1. Guest role – Guests have minimal privileges. They can view course activities but cannot enter text anywhere. As with all other roles, Guests are required to log in to Moodle before they access a course.
  2. Student role – Students generally have fewer privileges than teachers within a course. They can submit assignments for grading, make posts to forums, and generally participate in a course. Students cannot edit any of the course settings and cannot use Moodle’s Quickmail feature to send mail to an entire class. Students see their own grades only.
  3. Non-editing teacher role – This role cannot add activities or resources, but can view and edit grades.
  4. Teacher role – Teachers can do anything within a course, including changing the activities and grading students.
  5. Authenticated user role – It is an exception role and is mostly used by Moodle internally. The default role for all logged-in users in Moodle 1.8 onwards is Authenticated user. In older Moodle versions the default role for all logged-in users was Guest. The role of Authenticated user does not conflict with other roles a user may have, it just ensures that a user has capabilities that are not assignable at the course level, such as being able to post blog entries and manage their own calendar.
  6. Course creator role – This role can create a course, assign Teachers, plus have all the privileges of a Teacher.
  7. Administrator role – Administrators can do almost anything and go anywhere. It is recommended that there are one or two people with the administrator role.

When talking about roles, Moodle uses the following terminology.


A configurable aspect of behavior. As of version 1.9 Moodle has over 200 capabilities. Each capability has a computer friendly name like mod/forum:rate and a human-friendly name like “Rate posts.” A list of capabilities and their default values can be found at, []


A capability and its value considered as a pair. There are four possible values: Allow, Prevent, Prohibit and Not set/Inherit. (It is called not-set when defining roles and inherit when overriding permissions.) You will almost always use either ALLOW or NOT SET (which usually means don’t allow). There are special cases when you might use prevent or prohibit, but normally you will not use those options.


A named set of permissions, for example Teacher, Student and Forum moderator


A functional area of Moodle, such as a system, course category, course, module or block. Administrators are usually the only ones with permissions at the system level. Teachers normally have permissions at the course level.

Defining a new role

The standard roles are suitable for some educational setups, but most institutions require modifications to the roles’ system in order to tailor Moodle to their specific needs.

There are two main approaches to applying roles:

  1. create a role with the full compliment of permissions
  2. create a role that only defines the permission changes (for example, gives unlimited time on tests) and apply this role in addition to a main role

To add a new role, from “Administration” select Users, Permissions, then Define roles. Click Add a new role, and provide a name, a short name, and a description. All permissions by default are “not set”. The permissions are divided into distinct capabilities that include: system, reports, users, course categories, course reports, gradebook, course, and all activities.

Note: In most cases it would be more efficient to duplicate an existing role and change permissions rather than have to define all permissions.

Creating a duplicate role

An alternate method to creating a new role is to duplicate an existing role, rename it, and adjust the permissions as necessary.
To duplicate a new role, from the “Administration” block select Users, Permissions, then Define Roles.

Click the role you want to duplicate. This new role is then added to the list of roles as a copy (e.g. Teacher copy 1).

To edit that role, select the edit icon. Rename the role (e.g. Librarian). Edit the short name. Under description you can summarize the function of the role or permissions you have changed from the defined role. Choose either not set or allow to select the permissions you have specified for that role. Select save changes.

Example roles: Librarian, Forum Moderator, Teaching Assistant, Question creator, Observer

Allow role assignments

Once you have altered the defined role, you can allow which roles each role can assign to other users. In order to do that, select the Allow role assignments tab and check the appropriate boxes.

Allow role overrides

Overrides are specific permissions designed to override a role in a specific context, allowing you to tweak your permissions as required. Overrides may be used to give users extra permissions or may also be used to prevent actions.

The default setting only allows the administrator to override roles. For example, to enable teachers within a course to set role overrides you must change this system; from the “Administration” block select Users, Permissions, Define Roles then select the [Allow role overrides] tab.

Download the HTML Verision of this Roles document

One comment

  1. rcollman says:

    It is important to remember that in some upgrade processes, the standard Moodle roles may roll back to the default permission set. Where the new roles will not be impacted, excpet for new cabilities that have been added, which should assume the Archtype permissions for the new cabilities. This is similar to the best practice of not editing a standard theme. The best practice is to make a copy with a new name and tweak that.

Comments are closed.