Canvas Permissions and Granularity Feature Ideas

Document created by Joni Miller Expert on Mar 3, 2016Last modified by cms_hickss on Nov 15, 2017
Version 36Show Document
  • View in full screen mode

Exciting new update:  

See Granular Permissions Designs for information about work currently being done based on our feedback to implement changes to permissions to make them more granular!

Background

The original Feature Idea that kicked off all of these wasMore granular permissions for admins posted by Kona Jones with 306 votes and was archived because it was too general of a request.  It was also one of the Top Two Most Important Feature Ideas/Bugs/Issues for Canvas Admins.  Now on PRODUCT RADAR.

Susan Hicks made another feature idea:  In Permissions, Change "ADD, EDIT, and DELETE" into Three Separate Settings which was also deemed too general.  This kicked off a lot of other feature ideas, which are listed below. 

 

Permissions Settings - Make column and row headings scroll (archived) and the later Permissions Page improvements  (Product Radar) would make permissions much easier for admins to manage.

 

Blog Post on Let's Talk More Granular User/Role Permissions which discusses the difference between user roles and permissions and what exactly is meant by the word granular.

 

You can find when Canvas updates a permission by following Canvas Permission Updates.

New!  Granular Permissions now has a Canvas Studio area: Priority: Granular Permissions 

Need and Rationale

Permissions is/are a big deal for institutions and when we have no ability to control permissions it creates a lot of extra work for admins and instructional technologists fixing what people break on accident.

 

These permissions requests adds up to hours of work each week either cleaning up messes or not giving people access to things because the permissions are so broad that we can't give them access, which then means that the work falls back onto canvas admins or instructional technologists.  Either way, we need a better way of granting/controlling permissions for users.  JS and CS overrides do not work consistently and are ineffective for enforcing permissions to view buttons, etc.

March 2016 update from Allison Weiss

This idea will be considered, along with several others, when we engage in a deep dive and audit of our permissions in Canvas this coming summer. If you are interested in participating in this discussion, please shoot me an email: allison@instructure.com As we consider all of the possible permission granularity requests (see Canvas Permissions and Granularity Feature Ideas), we will be considering a number of different factors, including the COST and the BENEFIT of making a change:

 

THE COST

What extra work will be required in the Canvas app if we break out this permission?

What is the level of engineering effort required to implement this permission split?

What will it mean for us to support this new permission indefinitely as we add new features?

 

THE BENEFIT

What use cases would this granular permission support?

How many of our existing customer require support for each of those use cases?

 

These are not the only considerations, but I mention this line of reasoning because between now and the summertime when we start to dig deep into this topic, voters on this thread have a big role to play in persuading us of the potential benefits to admins and users. Your votes and comments will help us to measure the percentage of our customer base that will actually use the permission split, if implemented.

 

Bottom line: Keep those votes, comments and use cases coming! They will be very valuable when it comes time to decide which requests to prioritize.

 

July 27 Update from Renee Carney

Greetings, Partners on Permissions

 

Thank you for the time, energy, experience, and knowledge you have put into these threads. The granulated permissions threads have been open and gathering information for almost a year now. This extra time has allowed  our team to collect important feedback and perspectives. Each of the permissions threads contain valuable stories that will help inform development if/when a project is allocated for. Having worked with Allison on these, and now working with Matt G., I know that the product team is sincerely interested in improving permissions, however the magnitude and impact of such a project does not make it one that is easy to squeeze in. We will be archiving these permissions threads for now.  Archiving these threads does not mean they are forgotten; they are set aside, while they are inactive projects on our roadmap. The ideas are monitored, so you can continue to add your examples and use cases to the dialogue. Please follow this thread to receive updates when they are available.

 

Again, thank you for the rich conversation!

 

 

Permissions/Granularity Feature Ideas

 

Feature IdeaStatusInstructure Response/Related Ideas
New Tool with one permission: 

 

Blueprint Courses (create / edit / associate / delete)

No Idea OpenedTool added with singular permission to system in July 2017.
In Permissions, Separate "Manage (add/edit/delete) course files" into 3 permissions

radar-icon1.png

Product Radar

[163 votes]

It is clear that the accidental deletion of files is the biggest concern here. As I research a possible solution, is it safe to say that leaving Add and Edit permissions together would not be a concern?
In Permissions, Separate "Manage wiki (add/edit/delete pages)" into 3 permissions

radar-icon1.png

Product Radar

[144 votes]

This seem like another situation where the primary concern is the delete functionality. I will see what kind of effort this would be and will post an update there.
In Permissions, Separate "Manage (create/edit/delete) course sections" into 3 permissions

radar-icon1.png

Product Radar

[176 votes]

It seems like most of the concerns regarding this permission are related to the deletion of course sections. If users were limited from deleting SIS created sections, would that solve the problem without further changes?
In Permissions, Separate "Create and edit assessing rubrics" into 2 permissions

radar-icon1.png

Product Radar

[123 votes]

January 2016 update from Mccall Smith:

After doing some research we have determined that there is a need for unbundling several permissions. The permissions project is a bigger beast than I originally thought. I know this isn't something we will be able to work on for next 3-6 months but will revisit this.

In Permissions, Separate "Add/remove students for the course" into 2 permissions

radar-icon1.png

Product Radar

[182 votes]

Are there other reasons certain users need to be able to add a user to a course but not remove the same student from the same course? If not, I'm inclined to archive this issue.
In Permissions, Separate "Add, edit and delete events on the course calendar" into 3 permissions

radar-icon1.png

Product Radar

[144 votes]

February 2016 update from Allison Weiss:
Thanks, everyone for your comments. I will archive this idea for now. But the big takeaway here is that the DELETE permission should generally exist apart from the CREATE and EDIT permissions. Lesson learned and we'll see how we might apply that principle going forward.
In Permissions, Separate "Manage (add/edit/delete) assignments and quizzes" into 3 permissions

radar-icon1.png

Product Radar

[166 votes]

January 2016 update from Jason Sparks:
Thank you all for the additional feedback.  I do understand your need.  We are looking at how we can prioritize this in all of the additional work planned for 2016.  I do not have a timeline, but will share more when I am able.

In Permissions, Separate "Moderate discussions (delete/edit other's posts, lock topics)" into 3 permissions

radar-icon1.png

Product Radar

[146 votes]

...I have a follow-up question to your use case of students moderating class discussions. Does that mean that for one discussion and one discussion only, you would like to set a student as a "Discussion Leader"? Or is this more like a TA where you have a permission set that persists throughout the course?
In Permissions, Separate Manage (add/edit/delete) courses into 3 permissions

radar-icon1.png

Product Radar

[155 votes]

I understand the reasons why it would be helpful to separate out the delete permission. I'm looking into how big the effort would be and will post an update here.
In Permissions, Separate "Add/remove other teachers, course designers, TAs, and Observers to the course" into 8 permissions

radar-icon1.png

Product Radar

[217 votes]

It seems like the group consensus is that it would be more important to separate out the "remove" permission more than separating the management of teachers from the management of TAs and Course Designers. Would that be a fair description? If there were two permissions, "Add other teachers, course designers, TAs, and Observers to the course" and "Remove teachers, course designers, TAs, and Observers from the course" would that be sufficient for your institution?
In Permissions, Separate "Manage (create/edit /delete) groups" into 3 permissions

radar-icon1.png

Product Radar

[158 votes]

February 2016 update from Allison Weiss:

Thanks, everyone for your comments. This is an idea I will archive for now. But the big takeaway here is that the DELETE permission should generally exist apart from the CREATE and EDIT permissions. Lesson learned and we'll see how we might apply that principle going forward.

Permissions - Able to view student submissions without being able to score with rubrics.

Archived

[13 votes]

Commons Permissions (Account Roles)

Commons Permissions (Account Roles)

Cold Storage

 

[15 votes]

New account level permission needed, "View sub-account" permission

New account level permission needed, "View sub-account" permission

Cold Storage

[17 votes]

Permissions for Designer or TA role to upload SCORM content

Permissions for Designer or TA role to upload SCORM content

Cold Storage

[3 votes]

A permission setting that controls whether a particular role will receive notifications and announcements

A permission setting that controls whether a particular role will receive notifications and announcements

Cold Storage

[5 votes]

In Account level Groups, allow more permissions Leader vs. User

In Account level Groups, allow more permissions Leader vs. User

Cold Storage

[19 votes]

Course level permission to view all course content

Course level permission to view all course content

Cold Storage

[closed without voting]

Was told this should be part of More granular permissions for admins

Separate permissions for course developing and course delivering

Separate permissions for course developing and course delivering

Cold Storage

[closed without voting]

Was told this should be part of More granular permissions for admins

TA to have grading access but not gradebook access

TA to have grading access but not gradebook access

Cold Storage

[12 votes]

Commons Admin - Need option to give access by role

Commons Admin - Need option to give access by role

Cold Storage

 

[16 votes]

Disable Changing Course Start and End Dates

Disable Changing Course Start and End Dates

Cold Storage

[19 votes]

Disable Changing Start/End Dates

Disable Changing Start/End Dates

Disable Changing Start/End Dates

Disable Changing Start/End Dates

Cold Storage

[15 votes]

Disable Changing Course Start and End Dates

Disable Changing Course Start and End Dates

Outcome Delete Permissions for Teacher Role (Course-Level)

Outcome Delete Permissions for Teacher Role (Course-Level)

Cold Storage

[6 votes]

Masquerade as View-Only or Options

Masquerade as View-Only or Options

Cold Storage

[21 votes]

Not authorized to view the specified idea 4382

Remove "Students" from inbox list when "Send Messages" permissions are disabled

Cold Storage

[4 votes]

Limit visibility to Section Users

Limit visibility to Section Users

Cold Storage

[48 votes]

How do I limit a user to only interact with other users in the same course section?

Limit student users to only see fellow section users by API

??? - Is this completed by Canvas Production Release Notes (2017-04-01) ?  I can't read the feature idea since it's in cold storage.

Let observers see discussion comments for only their student

Let observers see discussion comments for only their student

Cold Storage

[14 votes]

In Permissions, Add View Files and Access Class Rolls

In Permissions, Add View Files and Access Class Rolls

Cold Storage

[5 votes]

In Permissions, Separate "View Grades" into 2 Permissions

In Permissions, Separate "View Grades" into 2 Permissions

Cold Storage

[12 votes]
Remove the ability to start a new attempt from the 'Submission Details' Page

radar-icon1.png

Product Radar

[105 votes]

Filter Terms: Sub-Account Admins Should Only See Terms For Their Sub-Account

Filter Terms: Sub-Account Admins Should Only See Terms For Their Sub-Account

Cold Storage

[12 votes]

a way to see student view for each student

Cold Storage

[62 votes]

User Activity and Analytics reports for Instructors: Exclude Masquerade activity

radar-icon1.png

Product Radar

[153 votes]
Protect students-->Make "send messages to individual users" a more granular permission

Cold Storage

Edit Section: Restricting students to see own section onlyCompletedCanvas Production Release Notes (2017-04-01) 
Permission Settings Report or Extract

Cold Storage

In Permissions, Add a "View Only" Permission after Course Conclusion

Cold Storage

Include file permission options when uploading files via Content Selector.

Cold Storage

Details no longer viewable [39 votes]
Protect students-->Make "send messages to individual users" a more granular permission

Cold Storage

Details no longer viewable
Add Visibility in Course Settings to Permissions 

Archived

[12 votes]

Permissions for the features on the groups page 

Archived

[11 votes]

Separating Gradebook Permissions from Assignment Grading 

Separate assignment grading from grade book access 

Archived

[40 votes]

Archived

[32 votes]

Remove un-used Global Roles from a Course's dropdown menu in the People page 

Archived

[12 votes]

Blueprint Permissions: Make them exclusive for course edits 

Open for Voting

 Allow Observer permission to View Analytics Pages 

Open for Voting

Account Role with no elevated access 

Open for Voting

Sub-Account Admin Permission Settings - Masquerade/SISImport 

Archived

[16 votes]

Masquerading in Sub-Accounts 

Archived

[29 votes]

New account level permission needed, "View sub-account" permission 

Archived

[17 votes]

Restrict Teachers from Editing Course Details 

Archived

[7 votes]

Default notification settings profiles by user role 

Open for Voting

Permissions for the features on the groups page 

Archived

[11 votes]

"Select All" permissions option 

Open for Voting

Permissions for Course Date Settings 

Cold Storage

[33 votes]

Separate permissions for each functionality 

Archived

Break up Add/Edit/Delete Permissions 

Archived

Remove "Students" from inbox list when "Send Messages" permissions are disabled 

Archived

[4 votes]

Permission Settings Report or Extract 

Archived

[39 votes]

Commons Permissions (Account Roles) 

Archived

[15 votes]

Expand scope of “message” permissions to include replies to messages received 

Archived

Determined to be a bug, no update. 
Discussion permission levels 

Archived

[13 votes]

Course level permission to view all course content Archived
Course level permissions for Start/End Date Open for Voting
Protect students-->Make "send messages to individual users" a more granular permission 

Archived

[4 votes]

Limit Sub-Account Admin Role to Only Be Able to Enroll Established Canvas Users 

Archived

[18 votes]

Commons Admin - On/Off Share to Account 

Archived

[9 votes]

Instructor View for Admins 

Archived

[2 votes]

Course Rights need to override Admin Rights 

Archived

[37 votes]

Permission for Observers - Uncouple Discussions and AnnouncementsCOMPLETED

Also similar to this archived idea:   Add new role permission - Post to Announcements

Add new role permission - Post to Announcements

Add course-level & account-level permissions for LTI installationCOMPLETEDCanvas Production Release Notes (2016-11-19)
Include custom teacher-derived roles for commons content importCOMPLETEDCommons Release Notes (2015-11-23)
Unbundle View Prior Enrollments from Add Students PermissionsCOMPLETEDSeems to have been changed in April 2016 sometime.  Not in release notes.
Course-Level Setting: Restrict Users to Their Own Section(s)COMPLETEDCanvas Production Release Notes (2017-04-01) 

Here are some other things related to Permissions that may be useful:

TAs can now edit course settings?

Student view as a permission

Canvas Permissions for Specific Roles - Share Yours!

Hidden Canvas Permissions

Manage Profile Pictures - Permissions

Further customize instructor permissions

Course Role Permission to create Announcements?

Attendance role and permissions

What does every permission setting impact?

How to set the course details page as read only for faculty??

What does every permission setting impact?

Read SIS Permission What does this allow?

Remove "delete course" permission from teacher

What admin features would you like to see?

Help with a custom JS File??

Account Role - Permissions to view gradebook

ADA Mentor Access Role

Needed Permissions to Allow only Rubric and Outcome

managing student permissions to see folders and upload into them

Is there a permissions setting I can adjust so that a user with "Teacher" role cannot edit the name of a course?

What permissions trigger Commons admin access?

Sub-account admins being denied permissions

Sub-Account Admin Permissions 

Permissions for Head of Faculty 

Create roles/permissions at the course level

How can I prevent teachers editing the course homepage? 

Are your students able to hack a hidden People page?

 

James Jones posted How do I see all users that have been added to subaccounts as admins? with a cool way to get a list of all of the admins and sub-account admins.

 

Canvas Beta Release Notes (2016-03-21)

The good:  Account Roles:  Import SIS Imports and Manage SIS Imports separated!

The bad:   Permanently Delete this Course added to the Change Course State

 

Delete submissions by students

See Comments:  if we could include this function into the User Permissions options then each school could control which roles have access to performing this function ( Help Admins, Teachers, T.A.'s, Students) I can see this curing a lot of concerns.

 

Other Important Things to Remember with Roles

When you copy/duplicate an out of the box role it carries with it the category that it was copied from. In other words, if you duplicate the Teacher Role and name it "Principal" (both name and SISID) and then assign that role to a user, other users (including students) will see that user listed under "Teachers" in the People Tool and in the Conversations Tool.

 

This is bad. Why? Because a student might not know that Person X isn't really a teacher assigned to that course/section and that this person should not be contacted if you have questions or need help with course content.

 

Newly created roles should not automatically be assigned to the same role category as the role it was duplicated from. 

New!  Granular Permissions now has a Canvas Studio area: Priority: Granular Permissions 

9 people found this helpful

Attachments

    Outcomes