OpenOLAT roles are global: Administrator, user manager, group manger, ...
The roles implementation uses an old security group construct that should be refactored to the group/groupMembership construct used for all other memberships and roles. Global roles are memberships on the default/root organisation.
For all sub-organisations, roles memberships should be set up as well. E.g:
- User manager for a sub-set of users via an organisational membership
- Learning resource manager for a sub-set of learning resources via the learning resource relation to an organisation. This membership role must be replicated to all the child-organisations as well to work as expected (those memberships should be marked as "inherited" and be added and remove automatically)
- Authors can create learning resources and relate them with their organisation
- Coaches can coach users of the same organisation (new role)
The roles object needs to be refactored as well to reflect those organisation memberships and roles. Needs TBD how it should be done to make coding practical.