Open dlglin opened 2 months ago
Unsure if there is an agreed-upon approach to this, because it might change based on use case. But there is now a way to easily remove options from the configuration page for users who aren't admins, or all users, using the new change_config_foo permission levels.
For instance, if you are using LDAP and want to prevent users from changing the permission level to change passwords, you could do something like $permissionLevels{'change_config_permissionLevels{change_password}'} = 'admin'; (or nobody) in localOverrides.conf or course.conf, and this would prevent professors from even seeing this configuration option. So this would address your first issue: it is possible to remove settings from the configuration page for non-admin users that you don't want them to be able to change in the server configuration.
I'm not sure of a way to deal with part 2. Also, is nobody considered a higher permission level than professor? I would like my users to be able to set things to nobody, but do agree, maybe not allow professors to set things to admin (and maybe if it is already set to admin, not let them see or change it?).
@dlglin Thanks for bringing this up, I just added the above to my local overrides so my users can't modify who can change passwords (since we use LTI + LDAP here too).
On the permissions config page an instructor can set $permissionLevels{login}. If they set it to a permission higher than their own, then they will lock themself out of the course, and it will take shell access to fix.
This leads to a couple of broader questions:
$permissionLevels{change_password} set to "nobody" since passwords are handled by LDAP, but I can't stop an instructor from changing this for their course.