Moodle
  1. Moodle
  2. MDL-10022

Teachers unable to reset student passwords

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Won't Fix
    • Affects Version/s: 1.8
    • Fix Version/s: None
    • Component/s: Roles / Access
    • Labels:
      None
    • Affected Branches:
      MOODLE_18_STABLE
    • Rank:
      12050

      Description

      Prior to 1.7, teachers could change a student password (students constantly forget passwords). Since 1.7 it has been impossible to replicate this functionality using roles. To change a password, a user must have moodle/user:update permission. But this capability is only available in the system context, which is unsafe, since it would allow a teacher with such permission to change anyone's password (including the admin's).

        Activity

        Hide
        Brian King added a comment -

        This would definitely be nice.

        Additionally, there should be a way to allow teachers to create new users - without any kludgy side effects like the teacher needing to have a global teacher role assignment (and thus becoming a teacher in all courses, and seeing a list of all courses as being "their courses").

        I provide Moodle support, and I can tell you that their is a big demand for this functionality.

        Show
        Brian King added a comment - This would definitely be nice. Additionally, there should be a way to allow teachers to create new users - without any kludgy side effects like the teacher needing to have a global teacher role assignment (and thus becoming a teacher in all courses, and seeing a list of all courses as being "their courses"). I provide Moodle support, and I can tell you that their is a big demand for this functionality.
        Hide
        Tony Parke added a comment -

        I also agree that this feature is essential, we are using 1.7 and the students are constantly forgetting their passwords and there is always a stream of kids coming to me for a password reset.

        Show
        Tony Parke added a comment - I also agree that this feature is essential, we are using 1.7 and the students are constantly forgetting their passwords and there is always a stream of kids coming to me for a password reset.
        Hide
        Petr Škoda added a comment -

        It was never safe, you could enroll anybody as student and then change password. I do not really think this is a good idea. There is already forgotten password feature and users must learn to remember their passwords if they want to use computers anyway.

        Show
        Petr Škoda added a comment - It was never safe, you could enroll anybody as student and then change password. I do not really think this is a good idea. There is already forgotten password feature and users must learn to remember their passwords if they want to use computers anyway.
        Hide
        Fred Quay added a comment - - edited

        It might be possible in the context of metacourses and child courses, so as teacher can deal with that permanent need without refering to Administrator.

        Show
        Fred Quay added a comment - - edited It might be possible in the context of metacourses and child courses, so as teacher can deal with that permanent need without refering to Administrator.
        Hide
        Jeff Wood added a comment -

        I would like to see the ability of teachers to reset/edit student passwords.

        Show
        Jeff Wood added a comment - I would like to see the ability of teachers to reset/edit student passwords.
        Hide
        Anthony Borrow added a comment -

        I agree with Petr that teachers should really not be resetting passwords for their students. The student has the ability to reset their own password. I envision a student having just one more excuse that a particular teacher has it out against them and hijacked their Moodle account by reseting their password and that is why they could not participate in some online activity. Despite the number of votes, I would be inclined to classify this as 'won't fix'. Alternatively, perhaps a capability on the user context could be created to allow password change. But even this I do not like as it opens the door to too many folks being able to change the password and then login as the student and take control of the account. Peace - Anthony

        Show
        Anthony Borrow added a comment - I agree with Petr that teachers should really not be resetting passwords for their students. The student has the ability to reset their own password. I envision a student having just one more excuse that a particular teacher has it out against them and hijacked their Moodle account by reseting their password and that is why they could not participate in some online activity. Despite the number of votes, I would be inclined to classify this as 'won't fix'. Alternatively, perhaps a capability on the user context could be created to allow password change. But even this I do not like as it opens the door to too many folks being able to change the password and then login as the student and take control of the account. Peace - Anthony
        Hide
        John Isner added a comment -

        Agree. Even though I created this issue, I now have a better understanding and support "Won't fix"

        Show
        John Isner added a comment - Agree. Even though I created this issue, I now have a better understanding and support "Won't fix"
        Hide
        Michael Ritter added a comment -

        I would like to see teachers have permission to change the password only for users enrolled in their courses. I disagree with Anthony's statement about it creating an excuse for students, I do not believe this would be the case. As an admin that also has a teaching load and other roles in the school, it would be of great benefit to me to be able to have teachers reset the passwords for studnets. I think restricting the capability to users enrolled in their courses is the way to go.

        Show
        Michael Ritter added a comment - I would like to see teachers have permission to change the password only for users enrolled in their courses. I disagree with Anthony's statement about it creating an excuse for students, I do not believe this would be the case. As an admin that also has a teaching load and other roles in the school, it would be of great benefit to me to be able to have teachers reset the passwords for studnets. I think restricting the capability to users enrolled in their courses is the way to go.
        Hide
        Gareth Hamilton added a comment -

        Although I understand the rationel for not allowing teachers to reset passwords, the alternative must be considered. The alternative is that the admin password is handed out to everyone so that they can reset students passwords. Moodle uptake within our establishment is high enough now that we are no longer happy passing the Admin password to normal teachers. It is not feasible that one teacher deals with all of the password resets within the school: we do not expect one person to deal with all system password resets. At least the choice should be given to establishments so that they can decide how to operate their system.

        Show
        Gareth Hamilton added a comment - Although I understand the rationel for not allowing teachers to reset passwords, the alternative must be considered. The alternative is that the admin password is handed out to everyone so that they can reset students passwords. Moodle uptake within our establishment is high enough now that we are no longer happy passing the Admin password to normal teachers. It is not feasible that one teacher deals with all of the password resets within the school: we do not expect one person to deal with all system password resets. At least the choice should be given to establishments so that they can decide how to operate their system.
        Hide
        Petr Škoda added a comment -

        You can create a new role for resetting of password, you definitely do not want to share admin password.

        Show
        Petr Škoda added a comment - You can create a new role for resetting of password, you definitely do not want to share admin password.
        Hide
        Lynne McCulloch added a comment -

        I agree with Michael, in that I would like to see class teachers having the capability to reset the password of a student ONLY on his/her course, so that they could not effectively change the password of an admin. I'm a Moodle admin in a high school and find that many of the pupils are using the excuse of having forgotten their Moodle password to save them completing online assignments. At present, teachers of those pupils have to contact me to have the password reset - which is not always easy, as I'm not at my computer 24/7. If class teachers had this capability, it would make the whole process run a lot more smoothly and quickly.

        Show
        Lynne McCulloch added a comment - I agree with Michael, in that I would like to see class teachers having the capability to reset the password of a student ONLY on his/her course, so that they could not effectively change the password of an admin. I'm a Moodle admin in a high school and find that many of the pupils are using the excuse of having forgotten their Moodle password to save them completing online assignments. At present, teachers of those pupils have to contact me to have the password reset - which is not always easy, as I'm not at my computer 24/7. If class teachers had this capability, it would make the whole process run a lot more smoothly and quickly.
        Hide
        Petr Škoda added a comment -

        The "ONLY in his/her course" is THE problem - there are no teachers/students anymore, enrollment concept was replaced by course:view.
        In any case we do have "Forgotten your username or password? Yes, help me login" on login page and that lets them reset their passwords. You can also use different auth plugin which allows them to use only one password for several systems or even single sign on.

        Show
        Petr Škoda added a comment - The "ONLY in his/her course" is THE problem - there are no teachers/students anymore, enrollment concept was replaced by course:view. In any case we do have "Forgotten your username or password? Yes, help me login" on login page and that lets them reset their passwords. You can also use different auth plugin which allows them to use only one password for several systems or even single sign on.
        Hide
        Anthony Borrow added a comment -

        Petr - I saw John Isner's suggestion for resolving this issue as "Won't fix". With the option of creating a role for this, allowing students to reset their password, etc. I think that things are fine the way they are. I've not played with it, but would imagine that if a school wanted the teacher to be able to manage users (including do password resets) that that could be handled by giving the teacher role those capabilities. So, my +1 for "won't fix". Peace - Anthony

        Show
        Anthony Borrow added a comment - Petr - I saw John Isner's suggestion for resolving this issue as "Won't fix". With the option of creating a role for this, allowing students to reset their password, etc. I think that things are fine the way they are. I've not played with it, but would imagine that if a school wanted the teacher to be able to manage users (including do password resets) that that could be handled by giving the teacher role those capabilities. So, my +1 for "won't fix". Peace - Anthony
        Hide
        Eloy Lafuente (stronk7) added a comment -

        Resolving as won't fix as suggested. Agree it has safety problems and, also, the "forgotten password" feature is there for them.

        Ciao

        Show
        Eloy Lafuente (stronk7) added a comment - Resolving as won't fix as suggested. Agree it has safety problems and, also, the "forgotten password" feature is there for them. Ciao

          People

          • Votes:
            16 Vote for this issue
            Watchers:
            11 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: