Canvas Permissions and Granularity Feature Ideas

millerjm
Community Champion
47
16901

New! July 9, 2018 

  • Posted by Erin Hallmark: Permissions Name Updates (2018-07-14 Canvas Release) - the Permissions page includes updates to permissions names, which have also been grouped according to function. No permissions functionality has been affected.
  • The new User Interface for the Permissions Page will hit production with the July 14th, 2018 update.

You can find when Canvas updates a permission by following Canvas Permission Updates.

Granular Permissions now has a Canvas Studio area: Priority: Granular Permissions 

Exciting new update:  

See Granular Permissions Designs for information about work currently being done based on our feedback to implement changes to permissions to make them more granular!

Background

The original Feature Idea that kicked off all of these was posted by  @kona  with 306 votes and was archived because it was too general of a request.  It was also one of the Top Two Most Important Feature Ideas/Bugs/Issues for Canvas Admins.  Now on PRODUCT RADAR.

cms_hickss made another feature idea:  which was also deemed too general.  This kicked off a lot of other feature ideas, which are listed below. 

(archived) and the later   (Product Radar) would make permissions much easier for admins to manage.

Blog Post on Let's Talk More Granular User/Role Permissions which discusses the difference between user roles and permissions and what exactly is meant by the word granular.

Need and Rationale

Permissions is/are a big deal for institutions and when we have no ability to control permissions it creates a lot of extra work for admins and instructional technologists fixing what people break on accident.

These permissions requests adds up to hours of work each week either cleaning up messes or not giving people access to things because the permissions are so broad that we can't give them access, which then means that the work falls back onto canvas admins or instructional technologists.  Either way, we need a better way of granting/controlling permissions for users.  JS and CS overrides do not work consistently and are ineffective for enforcing permissions to view buttons, etc.

March 2016 update from Allison Weiss

This idea will be considered, along with several others, when we engage in a deep dive and audit of our permissions in Canvas this coming summer. If you are interested in participating in this discussion, please shoot me an email: allison@instructure.com As we consider all of the possible permission granularity requests (see Canvas Permissions and Granularity Feature Ideas), we will be considering a number of different factors, including the COST and the BENEFIT of making a change:

THE COST

What extra work will be required in the Canvas app if we break out this permission?

What is the level of engineering effort required to implement this permission split?

What will it mean for us to support this new permission indefinitely as we add new features?

THE BENEFIT

What use cases would this granular permission support?

How many of our existing customer require support for each of those use cases?

These are not the only considerations, but I mention this line of reasoning because between now and the summertime when we start to dig deep into this topic, voters on this thread have a big role to play in persuading us of the potential benefits to admins and users. Your votes and comments will help us to measure the percentage of our customer base that will actually use the permission split, if implemented.

Bottom line: Keep those votes, comments and use cases coming! They will be very valuable when it comes time to decide which requests to prioritize.

July 27 Update from  @Renee_Carney 

Greetings, Partners on Permissions

Thank you for the time, energy, experience, and knowledge you have put into these threads. The granulated permissions threads have been open and gathering information for almost a year now. This extra time has allowed  our team to collect important feedback and perspectives. Each of the permissions threads contain valuable stories that will help inform development if/when a project is allocated for. Having worked with Allison on these, and now working with Matt G., I know that the product team is sincerely interested in improving permissions, however the magnitude and impact of such a project does not make it one that is easy to squeeze in. We will be archiving these permissions threads for now.  Archiving these threads does not mean they are forgotten; they are set aside, while they are inactive projects on our roadmap. The ideas are monitored, so you can continue to add your examples and use cases to the dialogue. Please follow this thread to receive updates when they are available.

Again, thank you for the rich conversation!

Permissions/Granularity Feature Ideas

Feature IdeaStatusInstructure Response/Related Ideas
New Tool with one permission: 

Blueprint Courses (create / edit / associate / delete)

No Idea OpenedTool added with singular permission to system in July 2017.

radar-icon1.png

Product Radar

[163 votes]

It is clear that the accidental deletion of files is the biggest concern here. As I research a possible solution, is it safe to say that leaving Add and Edit permissions together would not be a concern?

radar-icon1.png

Product Radar

[144 votes]

This seem like another situation where the primary concern is the delete functionality. I will see what kind of effort this would be and will post an update there.

radar-icon1.png

Product Radar

[176 votes]

It seems like most of the concerns regarding this permission are related to the deletion of course sections. If users were limited from deleting SIS created sections, would that solve the problem without further changes?

radar-icon1.png

Product Radar

[123 votes]

January 2016 update from Mccall Smith:

After doing some research we have determined that there is a need for unbundling several permissions. The permissions project is a bigger beast than I originally thought. I know this isn't something we will be able to work on for next 3-6 months but will revisit this.

radar-icon1.png

Product Radar

[182 votes]

Are there other reasons certain users need to be able to add a user to a course but not remove the same student from the same course? If not, I'm inclined to archive this issue.

radar-icon1.png

Product Radar

[144 votes]

February 2016 update from Allison Weiss:
Thanks, everyone for your comments. I will archive this idea for now. But the big takeaway here is that the DELETE permission should generally exist apart from the CREATE and EDIT permissions. Lesson learned and we'll see how we might apply that principle going forward.

radar-icon1.png

Product Radar

[166 votes]

January 2016 update from Jason Sparks:
Thank you all for the additional feedback.  I do understand your need.  We are looking at how we can prioritize this in all of the additional work planned for 2016.  I do not have a timeline, but will share more when I am able.

radar-icon1.png

Product Radar

[146 votes]

...I have a follow-up question to your use case of students moderating class discussions. Does that mean that for one discussion and one discussion only, you would like to set a student as a "Discussion Leader"? Or is this more like a TA where you have a permission set that persists throughout the course?

radar-icon1.png

Product Radar

[155 votes]

I understand the reasons why it would be helpful to separate out the delete permission. I'm looking into how big the effort would be and will post an update here.

radar-icon1.png

Product Radar

[217 votes]

It seems like the group consensus is that it would be more important to separate out the "remove" permission more than separating the management of teachers from the management of TAs and Course Designers. Would that be a fair description? If there were two permissions, "Add other teachers, course designers, TAs, and Observers to the course" and "Remove teachers, course designers, TAs, and Observers from the course" would that be sufficient for your institution?

radar-icon1.png

Product Radar

[158 votes]

February 2016 update from Allison Weiss:

Thanks, everyone for your comments. This is an idea I will archive for now. But the big takeaway here is that the DELETE permission should generally exist apart from the CREATE and EDIT permissions. Lesson learned and we'll see how we might apply that principle going forward.

Archived

[13 votes]

Commons Permissions (Account Roles)

225188_pastedImage_1.png

Cold Storage

 

[15 votes]

New account level permission needed, "View sub-account" permission

225188_pastedImage_1.png

Cold Storage

[17 votes]

Permissions for Designer or TA role to upload SCORM content

225188_pastedImage_1.png

Cold Storage

[3 votes]

A permission setting that controls whether a particular role will receive notifications and announcements

225188_pastedImage_1.png

Cold Storage

[5 votes]

In Account level Groups, allow more permissions Leader vs. User

225188_pastedImage_1.png

Cold Storage

[19 votes]

Course level permission to view all course content

225188_pastedImage_1.png

Cold Storage

[closed without voting]

Was told this should be part of

Separate permissions for course developing and course delivering

225188_pastedImage_1.png

Cold Storage

[closed without voting]

Was told this should be part of

TA to have grading access but not gradebook access

225188_pastedImage_1.png

Cold Storage

[12 votes]

Commons Admin - Need option to give access by role

225188_pastedImage_1.png

Cold Storage

 

[16 votes]

Disable Changing Course Start and End Dates

225188_pastedImage_1.png

Cold Storage

[19 votes]

Disable Changing Start/End Dates

Disable Changing Start/End Dates

225188_pastedImage_1.png

Cold Storage

[15 votes]

Disable Changing Course Start and End Dates

Outcome Delete Permissions for Teacher Role (Course-Level)

225188_pastedImage_1.png

Cold Storage

[6 votes]

Masquerade as View-Only or Options

225188_pastedImage_1.png

Cold Storage

[21 votes]

Remove "Students" from inbox list when "Send Messages" permissions are disabled

225188_pastedImage_1.png

Cold Storage

[4 votes]

Limit visibility to Section Users

225188_pastedImage_1.png

Cold Storage

[48 votes]

Not authorized to view the specified document 2879

??? - Is this completed by Canvas Production Release Notes (2017-04-01) ?  I can't read the feature idea since it's in cold storage.

Let observers see discussion comments for only their student

225188_pastedImage_1.png

Cold Storage

[14 votes]

In Permissions, Add View Files and Access Class Rolls

225188_pastedImage_1.png

Cold Storage

[5 votes]

In Permissions, Separate "View Grades" into 2 Permissions

225188_pastedImage_1.png

Cold Storage

[12 votes]

radar-icon1.png

Product Radar

[105 votes]

Filter Terms: Sub-Account Admins Should Only See Terms For Their Sub-Account

225188_pastedImage_1.png

Cold Storage

[12 votes]

a way to see student view for each student

225188_pastedImage_1.png

Cold Storage

[62 votes]

radar-icon1.png

Product Radar

[153 votes]
Protect students-->Make "send messages to individual users" a more granular permission

225188_pastedImage_1.png

Cold Storage

CompletedCanvas Production Release Notes (2017-04-01) 
Permission Settings Report or Extract

225188_pastedImage_1.png

Cold Storage

In Permissions, Add a "View Only" Permission after Course Conclusion

225188_pastedImage_1.png

Cold Storage

Include file permission options when uploading files via Content Selector.

225188_pastedImage_1.png

Cold Storage

Details no longer viewable [39 votes]
Protect students-->Make "send messages to individual users" a more granular permission

225188_pastedImage_1.png

Cold Storage

Details no longer viewable
https://community.canvaslms.com/ideas/8201 

Archived

[12 votes]

https://community.canvaslms.com/ideas/8354 

Archived

[11 votes]

https://community.canvaslms.com/ideas/7943 

https://community.canvaslms.com/ideas/6389 

Archived

[40 votes]

Archived

[32 votes]

https://community.canvaslms.com/ideas/2477 

Archived

[12 votes]

https://community.canvaslms.com/ideas/9044-blueprint-permissions-make-them-exclusive-for-course-edit... 

Open for Voting

 https://community.canvaslms.com/ideas/8987-allow-observer-permission-to-view-analytics-pages 

Open for Voting

https://community.canvaslms.com/ideas/9332-account-role-with-no-elevated-access 

Open for Voting

https://community.canvaslms.com/ideas/8322 

Archived

[16 votes]

https://community.canvaslms.com/ideas/3282 

Archived

[29 votes]

https://community.canvaslms.com/ideas/4639 

Archived

[17 votes]

https://community.canvaslms.com/ideas/7917 

Archived

[7 votes]

https://community.canvaslms.com/ideas/1051-default-notification-settings-profiles-by-user-role 

Open for Voting

https://community.canvaslms.com/ideas/8354 

Archived

[11 votes]

https://community.canvaslms.com/ideas/8695-select-all-permissions-option 

Open for Voting

https://community.canvaslms.com/ideas/8338 

225188_pastedImage_1.png

Cold Storage

[33 votes]

https://community.canvaslms.com/ideas/8350 

Archived

https://community.canvaslms.com/ideas/7424 

Archived

https://community.canvaslms.com/ideas/4382 

Archived

[4 votes]

https://community.canvaslms.com/ideas/7222 

Archived

[39 votes]

https://community.canvaslms.com/ideas/3436 

Archived

[15 votes]

https://community.canvaslms.com/ideas/7048 

Archived

Determined to be a bug, no update. 
https://community.canvaslms.com/ideas/2468 

Archived

[13 votes]

https://community.canvaslms.com/ideas/1566 Archived
https://community.canvaslms.com/ideas/8806-course-level-permissions-for-startend-date Open for Voting
https://community.canvaslms.com/ideas/6088" modifiedtitle="true" title="Protect students-->Make "... 

Archived

[4 votes]

https://community.canvaslms.com/ideas/5892 

Archived

[18 votes]

https://community.canvaslms.com/ideas/5911 

Archived

[9 votes]

https://community.canvaslms.com/ideas/7504 

Archived

[2 votes]

https://community.canvaslms.com/ideas/2017 

Archived

[37 votes]

COMPLETED

Also similar to this archived idea:  

Add new role permission - Post to Announcements

COMPLETEDCanvas Production Release Notes (2016-11-19)
COMPLETEDCommons Release Notes (2015-11-23)
COMPLETEDSeems to have been changed in April 2016 sometime.  Not in release notes.
COMPLETEDCanvas Production Release Notes (2017-04-01) 

Here are some other things related to Permissions that may be useful:

TAs can now edit course settings?

Student view as a permission

Canvas Permissions for Specific Roles - Share Yours!

Hidden Canvas Permissions

Manage Profile Pictures - Permissions

Further customize instructor permissions

Course Role Permission to create Announcements?

Attendance role and permissions

What does every permission setting impact?

How to set the course details page as read only for faculty??

What does every permission setting impact?

Read SIS Permission What does this allow?

Remove "delete course" permission from teacher

What admin features would you like to see?

Help with a custom JS File??

Account Role - Permissions to view gradebook

ADA Mentor Access Role

Needed Permissions to Allow only Rubric and Outcome

managing student permissions to see folders and upload into them

Is there a permissions setting I can adjust so that a user with "Teacher" role cannot edit the name ...

What permissions trigger Commons admin access?

Sub-account admins being denied permissions

Sub-Account Admin Permissions 

Permissions for Head of Faculty 

Create roles/permissions at the course level

How can I prevent teachers editing the course homepage? 

Are your students able to hack a hidden People page?

James Jones posted How do I see all users that have been added to subaccounts as admins? with a cool way to get a list of all of the admins and sub-account admins.

Canvas Beta Release Notes (2016-03-21)

The good:  Account Roles:  Import SIS Imports and Manage SIS Imports separated!

The bad:   Permanently Delete this Course added to the Change Course State

See Comments:  if we could include this function into the User Permissions options then each school could control which roles have access to performing this function ( Help Admins, Teachers, T.A.'s, Students) I can see this curing a lot of concerns.

Other Important Things to Remember with Roles

When you copy/duplicate an out of the box role it carries with it the category that it was copied from. In other words, if you duplicate the Teacher Role and name it "Principal" (both name and SISID) and then assign that role to a user, other users (including students) will see that user listed under "Teachers" in the People Tool and in the Conversations Tool.

This is bad. Why? Because a student might not know that Person X isn't really a teacher assigned to that course/section and that this person should not be contacted if you have questions or need help with course content.

Newly created roles should not automatically be assigned to the same role category as the role it was duplicated from. 

New!  Granular Permissions now has a Canvas Studio area: Priority: Granular Permissions 

  • Posted by Erin Hallmark: Permissions Name Updates (2018-07-14 Canvas Release) - the Permissions page includes updates to permissions names, which have also been grouped according to function. No permissions functionality has been affected.
  • The new User Interface for the Permissions Page will hit production with the July 14th, 2018 update.
47 Comments