In RWTHmoodle, individuals in a course room can have different editing permissions. These editing permissions are managed via roles and can be configured additionally in case of the roles of Tutor, Student, and Extra Participant.

Table of Contents

1. Available roles
2. Scope of permissions and data access options for roles 

1. Available roles

There are eight roles in RWTHmoodle with increasing permissions levels:

1. Student
2. Extra User (same permissions as Student)
3. Tutor
4. Instruction Manager (limited to the “Instruction courses” course category)
5. Manager
6. Instruction Administration (limited to the “Instruction courses” course category)
7. Support Admin
8. Administrator

These roles have varying degrees of access to personal data in RWTHmoodle. Data may only be accessed for the specified purpose and to the extent necessary to perform the task. The principle of data minimization also applies. The scope of permissions and the possibility of data access for each role is described in detail below.

2. Scope of rights and data access options for roles

2.1. Student and Extra User

The roles of student and extra user are identical with regards to permissions. They difference is how they are added to the course room. The role of student is assigned to individuals who have registered for a course in the RWTH Aachen University campus management system and have been assigned a fixed place as part of the registration process. University members who have registered for a continuing education course in the RWTH Aachen event management system and have been assigned a place to participate are also assigned the role of Student. Both groups of people are automatically enrolled in the corresponding course room in RWTHmoodle. If they are to be removed from the course room, they must be deregistered from the course in RWTHonline or in the event management system.

Persons with the role of extra user are manually authorized by the manager role directly in the course room in RWTHmoodle or can register themselves in a course room via self-enrolment, provided that this is activated for the course room.

People with either of these roles do not have editing permissions in the course room, meaning they cannot create, edit, or delete activities. However, they can create content in a number of activities offered, for example, provide answers in electronic self-tests, create submissions in assignments, create submissions and make assessments in peer reviews, book appointments in schedulers, create posts in PDF annotators and forums, or make files available to other students in student folders.

Depending on the teaching scenario, people in these roles have access to the following data:

• First name, last name, email address: To enable contact with lecturers and tutors, the first name, last name, and email address of persons with the roles of manager and tutor are always visible to persons with the roles of student and extra user.

  People with the role of student or extra user can only see the first name, last name, and email address of other people with these roles if they are working together in a study group of up to 10 people in the course room. This is to make it easier to establish contact within the context of group work. Course groups transferred from RWTHonline are excluded from this, as they primarily serve organizational purposes. The visibility of the data can also be disabled by managers if, for example, the groups are not explicitly intended for collaboration.

  If managers activate group messages in the settings of a group, users can see the names of other group members and send them messages. This also serves to simplify contact within groups that are used for group work.

  Outside of the scenarios mentioned above, the data is only visible if the individuals concerned have explicitly permitted this in their profile settings.
   
• Usage and content data: This includes contributions from all roles in offered learning activities, including uploaded files. The visibility of the data depends in part on the settings for the learning activity that the managers have selected.The default settings for the visibility of data to other course room participants are such that as little data as possible is visible. People with the roles of student or extra user can only ever see their own grades.
   

2.2. Tutor

This role is suitable for tutors who are responsible for correcting and evaluating students' assignment submissions or developing questions for the quiz activity. They cannot book participants or create, edit, or delete activities. However, managers can grant additional permissions to this role via “More” and “Change permissions for tutors or students.” The tutor role is assigned manually by managers. They are responsible for assigning tasks to tutors and the associated ability to view personal data, especially that of students.

Tutors in the role have access to the following data, depending on the teaching scenario:

• First name, last name, email address: Always visible to all roles in the course room to ensure that tutor tasks can be performed. For the same reason, the first name, last name, and email address of tutors are visible to everyone in the course room. However, managers can hide this data by clicking on “More” and then “Change permissions for tutors or students.”
   
• Matriculation number: The matriculation numbers of students and extra user are visible to tutors within a course room in the submission overview and the grading view of assignment activities. If names are identical, this allows for clear identification. In justified cases, managers can also independently extend the permissions of tutors to give them access to the results overview of the quiz activity and the assessment area of the course room. Here, too, the matriculation numbers are visible for the purpose of clearly identifying users with the same name.
   
• Usage and content data: Contributions of all roles in offered course room activities, including uploaded files. The visibility of the data depends in part on the settings chosen by the managers. Since both roles are used in particular for correcting and manually grading assignment submissions, tutors also see the students' grades, depending on the settings chosen by the manager role.

2.3. Instruction Manager

This role is limited to the "Instruction courses" course category. It is intended for persons who are responsible in the instruction courses for ensuring that the instruction is carried out regularly by the persons who are subject to the instruction requirement. The role is automatically assigned to RWTH employees who have been assigned the role of “IT Security Instruction Management” or “Occupational Safety Instruction Management” by the role management of their organizational unit. The organizational unit must belong to the central or academic area.

The role of instruction manager has the same permissions as the role of manager, but cannot view the results of quiz attempts in the “Quiz” activity and can only assign the role of extra user. However, for the courses in the “Instruction courses” course category, they have the permission to view the activity completion report (overview list), i.e., this role can see who completed an activity for which a completion criterion is defined and when.

2.4. Manager

People with the role of manager design the course room, manage participants and dates, provide learning content, plan learning activities, carry them out, and manage student assessments.

All persons who are assigned to a course as lecturers or contributors in the RWTH Aachen University campus management system are automatically assigned the role of manager in the corresponding course room. The same applies to persons who are listed in the RWTH's event management system as staff or lecturers for a continuing education event. Managers can also manually authorize additional persons as managers in the course room itself. Managers are responsible for assigning tasks to authorized persons and for the associated access to personal data, in particular of students and other university members.

Depending on the teaching scenario, persons in this role have access to the following data:

• First name, last name, email address: Always for all persons in the course room to ensure that supervisory tasks are fulfilled. For the same reason, the first name, last name, and email address of managers are visible to all persons in the course room.
   
• Matriculation number: The matriculation numbers of students and extra users are visible to managers within a course room in the grades section, in the submission overview and the grade view of assignment activities, and in the results overview of the test activity. You can also export data as a file in some areas and activities of RWTHmoodle, such as the participant list, assessments, or voting. These exports include the first name, last name, and matriculation number for the unique identification of students and extra participants. If there is no matriculation number, the email address is exported instead. The data may only be exported and processed for the purposes of the respective teaching, training, and continuing education event. The person exporting the data must ensure that no third party gains knowledge of the personal data and that the data is completely deleted once the purpose has been fulfilled.
   
• Lmsid: In the grades section, managers can export the grades achieved by the roles student and extra participant as a CSV file. This file also contains the lmsid, which is required for further processing in other systems, such as the Language Center.

2.5. Instruction Administration

This role is limited to the “Instruction courses” course category. It is intended for individuals who are responsible for the specialist administration of instruction courses in Department 5.5 of the Central University Administration (ZHV). As part of RWTH Aachen University's instruction management, the specialist administration prepares the structure and content of the RWTHmoodle course rooms used for instruction, regularly updates the documentation and training materials, organizes training courses, and provides first-level support for questions about the instruction courses.

The role of “Instruction Administration” is assigned or revoked by administrators at the request of the subject administration.

Persons with this role can access all courses in the “Instruction courses” course category, but not courses in other course categories. In the courses to which they have access, they have the same permissions as the managers of these courses. In addition, they can view the activity completion report (overview list) in these courses, i.e., they can see who completed an activity for which completion criteria are defined and when. Since they are not enrolled in the courses in the “Instruction courses” course category, they do not appear in the participant list for these courses.

2.6. Support Admin

The role of support admin is exclusively held by IT Service Desk employees who are responsible for first-level support for the system. In the course of performing their duties in support of RWTHmoodle, this group of people has access to personal data in order to ensure support for the application.

Support administrators have access to all course rooms, but cannot create, edit, or delete activities there. They can add participants to course rooms in the roles student, extra user, tutor, instruction manager, and manager, but they cannot change grades. However, they can see all user course data in order to verify authorizations. The persons assigned this role are bound to secrecy.

2.7. Administrator

The role of administrator is reserved exclusively for employees of the specialist departments involved in the development and operation of RWTHmoodle at the IT Center, as well as employees of the Learning Platforms, Evaluation, Assessment, and Analytics (LEA) department at the Center for Learning and Teaching Services (CLS) who perform technical or subject-specific didactic support tasks.

Administrators have the same permissions as managers, but also have access to all user course data in order to verify authorizations. In principle, they can view all personal data, including Moodle log data and web server log data. Access is granted exclusively within the scope of their duties and only when necessary. Persons assigned this role are bound to confidentiality.