Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-10022

Teachers unable to reset student passwords

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Won't Fix
    • Affects Version/s: 1.8
    • Fix Version/s: None
    • Component/s: Roles / Access
    • Labels:
      None
    • Affected Branches:
      MOODLE_18_STABLE

      Description

      Prior to 1.7, teachers could change a student password (students constantly forget passwords). Since 1.7 it has been impossible to replicate this functionality using roles. To change a password, a user must have moodle/user:update permission. But this capability is only available in the system context, which is unsafe, since it would allow a teacher with such permission to change anyone's password (including the admin's).

        Gliffy Diagrams

          Attachments

            Activity

            Hide
            brianking Brian King added a comment -

            This would definitely be nice.

            Additionally, there should be a way to allow teachers to create new users - without any kludgy side effects like the teacher needing to have a global teacher role assignment (and thus becoming a teacher in all courses, and seeing a list of all courses as being "their courses").

            I provide Moodle support, and I can tell you that their is a big demand for this functionality.

            Show
            brianking Brian King added a comment - This would definitely be nice. Additionally, there should be a way to allow teachers to create new users - without any kludgy side effects like the teacher needing to have a global teacher role assignment (and thus becoming a teacher in all courses, and seeing a list of all courses as being "their courses"). I provide Moodle support, and I can tell you that their is a big demand for this functionality.
            Hide
            tparke Tony Parke added a comment -

            I also agree that this feature is essential, we are using 1.7 and the students are constantly forgetting their passwords and there is always a stream of kids coming to me for a password reset.

            Show
            tparke Tony Parke added a comment - I also agree that this feature is essential, we are using 1.7 and the students are constantly forgetting their passwords and there is always a stream of kids coming to me for a password reset.
            Hide
            skodak Petr Skoda added a comment -

            It was never safe, you could enroll anybody as student and then change password. I do not really think this is a good idea. There is already forgotten password feature and users must learn to remember their passwords if they want to use computers anyway.

            Show
            skodak Petr Skoda added a comment - It was never safe, you could enroll anybody as student and then change password. I do not really think this is a good idea. There is already forgotten password feature and users must learn to remember their passwords if they want to use computers anyway.
            Hide
            fredq Fred Quay added a comment - - edited

            It might be possible in the context of metacourses and child courses, so as teacher can deal with that permanent need without refering to Administrator.

            Show
            fredq Fred Quay added a comment - - edited It might be possible in the context of metacourses and child courses, so as teacher can deal with that permanent need without refering to Administrator.
            Hide
            nccduke Jeff Wood added a comment -

            I would like to see the ability of teachers to reset/edit student passwords.

            Show
            nccduke Jeff Wood added a comment - I would like to see the ability of teachers to reset/edit student passwords.
            Hide
            aborrow Anthony Borrow added a comment -

            I agree with Petr that teachers should really not be resetting passwords for their students. The student has the ability to reset their own password. I envision a student having just one more excuse that a particular teacher has it out against them and hijacked their Moodle account by reseting their password and that is why they could not participate in some online activity. Despite the number of votes, I would be inclined to classify this as 'won't fix'. Alternatively, perhaps a capability on the user context could be created to allow password change. But even this I do not like as it opens the door to too many folks being able to change the password and then login as the student and take control of the account. Peace - Anthony

            Show
            aborrow Anthony Borrow added a comment - I agree with Petr that teachers should really not be resetting passwords for their students. The student has the ability to reset their own password. I envision a student having just one more excuse that a particular teacher has it out against them and hijacked their Moodle account by reseting their password and that is why they could not participate in some online activity. Despite the number of votes, I would be inclined to classify this as 'won't fix'. Alternatively, perhaps a capability on the user context could be created to allow password change. But even this I do not like as it opens the door to too many folks being able to change the password and then login as the student and take control of the account. Peace - Anthony
            Hide
            jisner John Isner added a comment -

            Agree. Even though I created this issue, I now have a better understanding and support "Won't fix"

            Show
            jisner John Isner added a comment - Agree. Even though I created this issue, I now have a better understanding and support "Won't fix"
            Hide
            mtritter Michael Ritter added a comment -

            I would like to see teachers have permission to change the password only for users enrolled in their courses. I disagree with Anthony's statement about it creating an excuse for students, I do not believe this would be the case. As an admin that also has a teaching load and other roles in the school, it would be of great benefit to me to be able to have teachers reset the passwords for studnets. I think restricting the capability to users enrolled in their courses is the way to go.

            Show
            mtritter Michael Ritter added a comment - I would like to see teachers have permission to change the password only for users enrolled in their courses. I disagree with Anthony's statement about it creating an excuse for students, I do not believe this would be the case. As an admin that also has a teaching load and other roles in the school, it would be of great benefit to me to be able to have teachers reset the passwords for studnets. I think restricting the capability to users enrolled in their courses is the way to go.
            Hide
            gdl Gareth Hamilton added a comment -

            Although I understand the rationel for not allowing teachers to reset passwords, the alternative must be considered. The alternative is that the admin password is handed out to everyone so that they can reset students passwords. Moodle uptake within our establishment is high enough now that we are no longer happy passing the Admin password to normal teachers. It is not feasible that one teacher deals with all of the password resets within the school: we do not expect one person to deal with all system password resets. At least the choice should be given to establishments so that they can decide how to operate their system.

            Show
            gdl Gareth Hamilton added a comment - Although I understand the rationel for not allowing teachers to reset passwords, the alternative must be considered. The alternative is that the admin password is handed out to everyone so that they can reset students passwords. Moodle uptake within our establishment is high enough now that we are no longer happy passing the Admin password to normal teachers. It is not feasible that one teacher deals with all of the password resets within the school: we do not expect one person to deal with all system password resets. At least the choice should be given to establishments so that they can decide how to operate their system.
            Hide
            skodak Petr Skoda added a comment -

            You can create a new role for resetting of password, you definitely do not want to share admin password.

            Show
            skodak Petr Skoda added a comment - You can create a new role for resetting of password, you definitely do not want to share admin password.
            Hide
            lmcculloch Lynne McCulloch added a comment -

            I agree with Michael, in that I would like to see class teachers having the capability to reset the password of a student ONLY on his/her course, so that they could not effectively change the password of an admin. I'm a Moodle admin in a high school and find that many of the pupils are using the excuse of having forgotten their Moodle password to save them completing online assignments. At present, teachers of those pupils have to contact me to have the password reset - which is not always easy, as I'm not at my computer 24/7. If class teachers had this capability, it would make the whole process run a lot more smoothly and quickly.

            Show
            lmcculloch Lynne McCulloch added a comment - I agree with Michael, in that I would like to see class teachers having the capability to reset the password of a student ONLY on his/her course, so that they could not effectively change the password of an admin. I'm a Moodle admin in a high school and find that many of the pupils are using the excuse of having forgotten their Moodle password to save them completing online assignments. At present, teachers of those pupils have to contact me to have the password reset - which is not always easy, as I'm not at my computer 24/7. If class teachers had this capability, it would make the whole process run a lot more smoothly and quickly.
            Hide
            skodak Petr Skoda added a comment -

            The "ONLY in his/her course" is THE problem - there are no teachers/students anymore, enrollment concept was replaced by course:view.
            In any case we do have "Forgotten your username or password? Yes, help me login" on login page and that lets them reset their passwords. You can also use different auth plugin which allows them to use only one password for several systems or even single sign on.

            Show
            skodak Petr Skoda added a comment - The "ONLY in his/her course" is THE problem - there are no teachers/students anymore, enrollment concept was replaced by course:view. In any case we do have "Forgotten your username or password? Yes, help me login" on login page and that lets them reset their passwords. You can also use different auth plugin which allows them to use only one password for several systems or even single sign on.
            Hide
            aborrow Anthony Borrow added a comment -

            Petr - I saw John Isner's suggestion for resolving this issue as "Won't fix". With the option of creating a role for this, allowing students to reset their password, etc. I think that things are fine the way they are. I've not played with it, but would imagine that if a school wanted the teacher to be able to manage users (including do password resets) that that could be handled by giving the teacher role those capabilities. So, my +1 for "won't fix". Peace - Anthony

            Show
            aborrow Anthony Borrow added a comment - Petr - I saw John Isner's suggestion for resolving this issue as "Won't fix". With the option of creating a role for this, allowing students to reset their password, etc. I think that things are fine the way they are. I've not played with it, but would imagine that if a school wanted the teacher to be able to manage users (including do password resets) that that could be handled by giving the teacher role those capabilities. So, my +1 for "won't fix". Peace - Anthony
            Hide
            stronk7 Eloy Lafuente (stronk7) added a comment -

            Resolving as won't fix as suggested. Agree it has safety problems and, also, the "forgotten password" feature is there for them.

            Ciao

            Show
            stronk7 Eloy Lafuente (stronk7) added a comment - Resolving as won't fix as suggested. Agree it has safety problems and, also, the "forgotten password" feature is there for them. Ciao

              People

              • Votes:
                16 Vote for this issue
                Watchers:
                11 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: