Separate Permission for Member Administration

1 Requirements

By now (v5.0), there is no way to separate the permission for member administration in courses from the one to edit its settings.
In many scenarios, however, exactly this distinction is missing urgently.
So, we suggest to introduce a new RBAC permission "Edit Memberships" in courses.
For users holding it, this permission would allow perform any action that is by now possible in the "Members" screen(s) while holding the "Edit Settings" permission.

Open Questions

• Are groups to be considered, too?

Kunkel, Matthias [mkunkel], June 25, 2015: I strongly recommend to implement this separation for groups, too. I see scenarios where group administrators should only manage group members but not changing the group settings (e.g. in mentoring groups).

• Is the "Edit Settings" permission supposed to be restricted regarding the actions granted by this new permission?

Kunkel, Matthias [mkunkel], June 25, 2015: As already mentioned in my posting below (April 17), a strict separation makes sense and offers more configuration options. Existing roles with assigned "Edit Settings" permission will get both permissions after DB update. So nothing will change for those roles.

2 Additional Information

• Idea / concept: Norbert Bromberger (bromberger [at] qualitus [dot] de)
• Interest in funding:
• Maintainer: Stefan Meyer
• Implementation of the feature is done by (company, developer)
• Testcases / tested by : tbd

3 Discussion

Matthias Kunkel, April 17, 2015: I have added a feature wiki request already in 2009 for implementing a permission to administrate members in a group. So yes, such a permission should exist both for courses and groups. Therefore I rename the wiki page to ‘Separate Permission for Member Administration’ and delete my 2009 request as there is no need to have two pages for the same issue.

Concerning the distinction between ‘Edit Settings’ and ‘Manage Members’ (which would be my suggestion for the permission's name): I strongly recommend to separate both permissions strictly. In the future, ‘Edit Settings’ will allow to edit the course's or group's settings and add content. But you won't be able to enter the member administration and add or remove course or group members. This requires a DB update step in which all roles that had ‘Edit Settings’ before get now ‘Edit Settings’ and ‘Manage Members’.

Yvonne Seiler, June 24, 2015: We support this feature too for courses and groups.

What are the further steps for this feature: Were there already any discussions with the maintainer? Jour Fixe? Funding needed?

Kunkel, Matthias [mkunkel], June 25, 2015: As far as I know the maintainer (Stefan Meyer) is not involved yet. The next steps would be to wish this feature for 5.2 (which I will do immediatelly), to organise funding and to get a contract with the developing service provider (probably LEIFOS). I see a good chance that this suggestion will benappreciated by the Jour Fixe as this requirement has been mentioned already several times in the past.

JourFixe, ILIAS [jourfixe], April 11, 2016: We highly appreciate this request and schedule it for 5.2. A separate permission for member administration should be offered for:

• Course
• Group
• Study Programme

4 Implementation

The permission "Manage Members" is available in:

• Course Management
• Group
• Study Programme
• Individual Assessment

4.1 Study programme

We introduced the manage_members operation to RBAC and affiliated it with Study programme (db-update 4911). The rendering of 'Members'-tab and the ability to access the members managaement menu for a user now depends on the corresponding setting in permissions-management menu.

...

Testcases 

Testcases were prepared on 2016-08-25 by atoedt

• 13021: Rechte für gleichberechtigte, selbstgesteuerte studentische Arbeitsgruppen (Teams)

Approval