Capability Overview allows administrators the ability to view by role a collection of permissions defined by the whole system that you can be viewed by specific users in specific contexts. The most common examples are the roles of student and teacher in the context of a course.
Permissions are paired with each capability. There are four possible permission values: Allow, Prevent, Prohibit and Not set
Step 1. Select Site Administration from the menu.
Step 2. Select the Users tab
Step 3. Scroll down and select Capability Overview
Step 4. Search or select one or more capabilities.
Select one or more
Step 5. Select the Roles and then select the Get the Overview button.
Step 6. The capabilities will be displayed for the roles selected.
The capability is Not set for the user role
This is most cases is the default position when creating a new role
The capability is Allowed for the user role
This enables a user to use a capability in a given context. This permission applies for the context that the role gets assigned plus all lower contexts. For example, if a user is assigned the role of student in a course, they will be able to start new discussions in all forums in that course (unless a forum contains an override with a prevent or prohibit value for the capability).
The capability is Prevented for the user role
By choosing this you are removing permission for this capability (only for this role), even if the users with this role were allowed that permission in a higher context. If any other role allows the same capability, even for a higher or lower context, this Prevent will have no effect.
The capability is Prohibited for the user role
This is rarely needed, but occasionally you might want to completely deny permissions to a role in a way that can NOT be overridden at any lower context or by another role. An example of when you might need this is when an admin wants to prohibit one person from starting new discussions in any forum on the whole system. In this case they can create a role with that capability set to "Prohibit" and then assign it to that user in the system context.
If a capability is set to inherit, the user's permissions remain the same as they are in a less specific context, or another role where the capability is defined. For example, if a student is allowed to attempt quiz questions at the course level, their role in a specific quiz will inherit this setting. Ultimately, if permission is never allowed at any level, then the user will have no permission for that capability.