We have a capability, moodle/role:unassignself, which controls whether a user can unenrol themselves from a course. However, we don't have the opposite capability moodle/role:assignself.

By coincidence, the two posts this morning in the Roles and Capabilities forum (http://moodle.org/mod/forum/discuss.php?d=57812#p481435 and http://moodle.org/mod/forum/discuss.php?d=109637) need this capability to answer their question. The use cases look like this:

1. A site has set all courses to set to allow students to self-enrol, because that is what makes sense administratively for them.

2. However, they need to let some other categories of user into their site (in one case it is parents, in another case it is guest students from another institution). These particular users should not be able to self-enrol in any courses.

3. The answer to these requests should be:

a) Create a role called 'Cannot self-register' with capability moodle/role:assignself set to Prohibit.
b) Assign that role to the users in question in the System context.

However, we can't tell people that, because that capability does not exist yet.

I discussed this with Martin D, and he agreed this was a good idea and told me to file this bug targeted at Moodle 2.0.