Roles and capabilities
The Moodle access rights system is based around the concepts of contexts, capabilities, permissions, and roles. Let us first define these terms in the context of Moodle.
Capability
A capability is a system defined feature or action. For example, view course would be one capability. All capabilities are defined either by Moodle core or by third-party module(s).
Context
Context is an abstraction representing part of Moodle. We have six predefined contexts and they are arranged in a hierarchical fashion with permissions inherited from higher to lower contexts. Here is the list of existing contexts presented in order of importance from higher to lower:
System: This context represents the entire Moodle. Any role assigned at this level applies globally on the entire system. For example, if we assign the teacher role to a user he will have that role in every course and would be able to manage them as if enrolled in every one of them.
User: This context for a specific user...
