Roles
In OpenVLE, roles serve to bundle and centrally manage system-wide permissions.
Roles simplify the assignment of rights to user groups and ensure that similar users (e.g., instructors, administrators, participants) automatically receive the appropriate access rights.
Where can I find this section?
Via main menu: Access Control -> Roles
Alternatively accessible via: Linked via User or Permission views
Features at a Glance
- Create and manage roles for different user groups
- Assign and remove permissions within a role
- View which users are assigned to a role
- Copy existing roles for faster creation of similar permission sets
- Delete roles that are no longer needed (if not in use)
Key Fields at a Glance
| Field name | Description |
|---|---|
Description | Brief explanation of the tasks or responsibilities of this role, e.g., "Responsible for creating and managing course environments". |
Key (Slug) | Short name of the role. Used internally within OpenVLE, e.g., for API or permission assignments. |
Name | The name of the role, e.g., "Environment Manager" or "1st Level Support". Displayed in lists and associations. |
Creating a Role
- Open the Access Control -> Roles section in the main menu.
- Click Add to create a new role.
- Enter a meaningful name and an optional description.
- Save the role to make it available.
- Assign the desired permissions to the role.
- Then assign users to this role.
Editing a Role
- Open the Access Control -> Roles section in the main menu.
- Search for the desired role in the list.
- Click Edit, or open the role's context menu and select Edit.
- The form displays all current role data.
- Adjust the desired fields — for example, Name or Description.
- Save the changes.
Changes to roles take effect immediately for all users assigned to that role.
Therefore, review permission changes carefully before applying them.
Deleting a Role
- Open the Access Control -> Roles section in the main menu.
- Search for the desired role in the list.
- Click Delete, or open the role's context menu and select Delete.
- Confirm the deletion in the displayed dialog.
- The role will then be permanently removed.
A role can only be deleted if no users are assigned to it.
If users with this role exist, remove the assignments first before deleting the role.
Example or Use Case
An administrator wants to give all environment managers identical rights without having to configure each user individually. They create the Environment Manager role, add permissions for viewing and editing environments, VM templates, and VMs, and then assign this role to all corresponding users.
Notes / Special Considerations
- Roles can only contain global permissions.
- System roles (e.g., Administrator) cannot be deleted or fundamentally changed.
- Roles currently assigned to users can only be deleted after the assignments are removed.
- Changes to a role automatically affect all associated users.
- When copying a role, all permissions are copied, but no user assignments.
Relationships to Other Objects
Many objects in OpenVLE are related to other elements within the system. The following overview shows which relationships exist and whether they trigger certain automations.
| Object | Description | Automatic behavior |
|---|---|---|
| Changelogs | All changes to the object are automatically logged. | Automatic removal when the object is deleted. |
| Permissions | Any number of permissions can be assigned to a role. | No automations. |
| Tags | Objects can be tagged with any number of tags to categorize or filter them. | Automatic removal when the object is deleted. |
| Users | Any number of users can be assigned to a role. | No automations. |
Required Permissions
The permissions required for actions can be assigned via roles or individually. If you lack certain rights, the corresponding functions in the user interface are hidden or disabled.
| Action | Required permission | Path | Additional information |
|---|---|---|---|
| View roles | roles_read | / | |
| Create roles | roles_create | / | |
| Edit roles | roles_update | / | |
| Delete roles | roles_delete | / | |
| Assign permissions | objectpermissions_create | / | |
| Remove permissions | objectpermissions_delete | / |