I want to give teachers the right to update the user profiles of the students they take care of (because young students frequently forget their passwords and in many cases do not have access to the registered mail address when in class).

I have created a role 'user manager' that has the capabilities 'moodle/user:update' and 'moodle/user:edit'. If I assign this role to a erachte in the global context that works fine, however I would like to restrict the right to the profiles of their own students. To make this work I would like to assign the role only in the context of a cohort via `admin/tool/cohortroles/`.

This works for the capability 'moodle/user:edit', i.e. the teacher can edit the user profile via `user/edit.php`. However this does not allow to change the password where `user/editadvanced.php` is the place to go which requires the capability 'moodle/user:update'. But the check for this capability fails because it is only checked in the system-wide context and not in the personal context as it is done in `user/edit.php`.