Canvas Permissions and Granularity Feature Ideas

Document created by Joni Miller Expert on Mar 3, 2016Last modified by cms_hickss on Jul 31, 2017
Version 31Show Document
  • View in full screen mode

Background

The original Feature Idea that kicked off all of these wasMore granular permissions for admins posted by Kona Jones with 306 votes and was archived because it was too general of a request.  It was also one of the Top Two Most Important Feature Ideas/Bugs/Issues for Canvas Admins.  Now on PRODUCT RADAR.

Susan Hicks made another feature idea:  In Permissions, Change "ADD, EDIT, and DELETE" into Three Separate Settings which was also deemed too general.  This kicked off a lot of other feature ideas, which are listed below.

 

Permissions Settings - Make column and row headings scroll (archived) and the later Permissions Page improvements  (Product Radar) would make permissions much easier for admins to manage.

 

Blog Post on Let's Talk More Granular User/Role Permissions which discusses the difference between user roles and permissions and what exactly is meant by the word granular.

 

New You can find when Canvas updates a permission by following Canvas Permission Updates.

 

Need and Rationale

Permissions is/are a big deal for institutions and when we have no ability to control permissions it creates a lot of extra work for admins and instructional technologists fixing what people break on accident.

 

These permissions requests adds up to hours of work each week either cleaning up messes or not giving people access to things because the permissions are so broad that we can't give them access, which then means that the work falls back onto canvas admins or instructional technologists.  Either way, we need a better way of granting/controlling permissions for users.  JS and CS overrides do not work consistently and are ineffective for enforcing permissions to view buttons, etc.

March 2016 update from Allison Weiss

This idea will be considered, along with several others, when we engage in a deep dive and audit of our permissions in Canvas this coming summer. If you are interested in participating in this discussion, please shoot me an email: allison@instructure.com As we consider all of the possible permission granularity requests (see Canvas Permissions and Granularity Feature Ideas), we will be considering a number of different factors, including the COST and the BENEFIT of making a change:

 

THE COST

What extra work will be required in the Canvas app if we break out this permission?

What is the level of engineering effort required to implement this permission split?

What will it mean for us to support this new permission indefinitely as we add new features?

 

THE BENEFIT

What use cases would this granular permission support?

How many of our existing customer require support for each of those use cases?

 

These are not the only considerations, but I mention this line of reasoning because between now and the summertime when we start to dig deep into this topic, voters on this thread have a big role to play in persuading us of the potential benefits to admins and users. Your votes and comments will help us to measure the percentage of our customer base that will actually use the permission split, if implemented.

 

Bottom line: Keep those votes, comments and use cases coming! They will be very valuable when it comes time to decide which requests to prioritize.

 

July 27 Update from Renee Carney

Greetings, Partners on Permissions

 

Thank you for the time, energy, experience, and knowledge you have put into these threads. The granulated permissions threads have been open and gathering information for almost a year now. This extra time has allowed  our team to collect important feedback and perspectives. Each of the permissions threads contain valuable stories that will help inform development if/when a project is allocated for. Having worked with Allison on these, and now working with Matt G., I know that the product team is sincerely interested in improving permissions, however the magnitude and impact of such a project does not make it one that is easy to squeeze in. We will be archiving these permissions threads for now.  Archiving these threads does not mean they are forgotten; they are set aside, while they are inactive projects on our roadmap. The ideas are monitored, so you can continue to add your examples and use cases to the dialogue. Please follow this thread to receive updates when they are available.

 

Again, thank you for the rich conversation!

 

 

Permissions/Granularity Feature Ideas

 

Feature IdeaStatusInstructure Response/Related Ideas
New Tool with one permission: 

 

Blueprint Courses (create / edit / associate / delete)

No Idea OpenedTool added with singular permission to system in July 2017.
In Permissions, Separate "Manage (add/edit/delete) course files" into 3 permissions

Archived

[160 votes]

It is clear that the accidental deletion of files is the biggest concern here. As I research a possible solution, is it safe to say that leaving Add and Edit permissions together would not be a concern?
In Permissions, Separate "Manage wiki (add/edit/delete pages)" into 3 permissions

Archived

[143 votes]

This seem like another situation where the primary concern is the delete functionality. I will see what kind of effort this would be and will post an update there.
In Permissions, Separate "Manage (create/edit/delete) course sections" into 3 permissions

Archived

[172 votes]

It seems like most of the concerns regarding this permission are related to the deletion of course sections. If users were limited from deleting SIS created sections, would that solve the problem without further changes?
In Permissions, Separate "Create and edit assessing rubrics" into 2 permissionsArchived
[123 votes]

January 2016 update from Mccall Smith:

After doing some research we have determined that there is a need for unbundling several permissions. The permissions project is a bigger beast than I originally thought. I know this isn't something we will be able to work on for next 3-6 months but will revisit this.

In Permissions, Separate "Add/remove students for the course" into 2 permissions

Archived

[177 votes]

Are there other reasons certain users need to be able to add a user to a course but not remove the same student from the same course? If not, I'm inclined to archive this issue.
In Permissions, Separate "Add, edit and delete events on the course calendar" into 3 permissions

radar-icon1.png

Product Radar

[143 votes]

February 2016 update from Allison Weiss:
Thanks, everyone for your comments. I will archive this idea for now. But the big takeaway here is that the DELETE permission should generally exist apart from the CREATE and EDIT permissions. Lesson learned and we'll see how we might apply that principle going forward.
In Permissions, Separate "Manage (add/edit/delete) assignments and quizzes" into 3 permissions

radar-icon1.png

Product Radar

[158 votes]

January 2016 update from Jason Sparks:
Thank you all for the additional feedback.  I do understand your need.  We are looking at how we can prioritize this in all of the additional work planned for 2016.  I do not have a timeline, but will share more when I am able.

In Permissions, Separate "Moderate discussions (delete/edit other's posts, lock topics)" into 3 permissions

Archived

[142 votes]

...I have a follow-up question to your use case of students moderating class discussions. Does that mean that for one discussion and one discussion only, you would like to set a student as a "Discussion Leader"? Or is this more like a TA where you have a permission set that persists throughout the course?
In Permissions, Separate Manage (add/edit/delete) courses into 3 permissions

Archived

[146 votes]

I understand the reasons why it would be helpful to separate out the delete permission. I'm looking into how big the effort would be and will post an update here.
In Permissions, Separate "Add/remove other teachers, course designers, TAs, and Observers to the course" into 8 permissions

Archived

[211 votes]

It seems like the group consensus is that it would be more important to separate out the "remove" permission more than separating the management of teachers from the management of TAs and Course Designers. Would that be a fair description? If there were two permissions, "Add other teachers, course designers, TAs, and Observers to the course" and "Remove teachers, course designers, TAs, and Observers from the course" would that be sufficient for your institution?
In Permissions, Separate "Manage (create/edit /delete) groups" into 3 permissions

radar-icon1.png

Product Radar

[157 votes]

February 2016 update from Allison Weiss:

Thanks, everyone for your comments. This is an idea I will archive for now. But the big takeaway here is that the DELETE permission should generally exist apart from the CREATE and EDIT permissions. Lesson learned and we'll see how we might apply that principle going forward.

Permissions - Able to view student submissions without being able to score with rubrics.

Archived

[13 votes]

Commons Permissions (Account Roles)

Commons Permissions (Account Roles)

Cold Storage

 

[15 votes]

New account level permission needed, "View sub-account" permission

New account level permission needed, "View sub-account" permission

Cold Storage

[17 votes]

Permissions for Designer or TA role to upload SCORM content

Permissions for Designer or TA role to upload SCORM content

Cold Storage

[3 votes]

A permission setting that controls whether a particular role will receive notifications and announcements

A permission setting that controls whether a particular role will receive notifications and announcements

Cold Storage

[5 votes]

In Account level Groups, allow more permissions Leader vs. User

In Account level Groups, allow more permissions Leader vs. User

Cold Storage

[19 votes]

Permission for Observers - Uncouple Discussions and AnnouncementsCOMPLETED

Also similar to this archived idea:   Add new role permission - Post to Announcements

Add new role permission - Post to Announcements

Course level permission to view all course content

Course level permission to view all course content

Cold Storage

[closed without voting]

Was told this should be part of More granular permissions for admins

Separate permissions for course developing and course delivering

Separate permissions for course developing and course delivering

Cold Storage

[closed without voting]

Was told this should be part of More granular permissions for admins
Include custom teacher-derived roles for commons content importCOMPLETEDCommons Release Notes (2015-11-23)

TA to have grading access but not gradebook access

TA to have grading access but not gradebook access

Cold Storage

[12 votes]

Commons Admin - Need option to give access by role

Commons Admin - Need option to give access by role

Cold Storage

 

[16 votes]

Disable Changing Course Start and End Dates

Disable Changing Course Start and End Dates

Cold Storage

[19 votes]

Disable Changing Start/End Dates

Disable Changing Start/End Dates

Disable Changing Start/End Dates

Disable Changing Start/End Dates

Cold Storage

[15 votes]

Disable Changing Course Start and End Dates

Disable Changing Course Start and End Dates

Outcome Delete Permissions for Teacher Role (Course-Level)

Outcome Delete Permissions for Teacher Role (Course-Level)

Cold Storage

[6 votes]

Masquerade as View-Only or Options

Masquerade as View-Only or Options

Cold Storage

[21 votes]

Not authorized to view the specified idea 4382

Remove "Students" from inbox list when "Send Messages" permissions are disabled

Cold Storage

[4 votes]

Limit visibility to Section Users

Limit visibility to Section Users

Cold Storage

[48 votes]

How do I limit a user to only interact with other users in the same course section?

Limit student users to only see fellow section users by API

??? - Is this completed by Canvas Production Release Notes (2017-04-01) ?  I can't read the feature idea since it's in cold storage.

Let observers see discussion comments for only their student

Let observers see discussion comments for only their student

Cold Storage

[14 votes]

In Permissions, Add View Files and Access Class Rolls

In Permissions, Add View Files and Access Class Rolls

Cold Storage

[5 votes]

In Permissions, Separate "View Grades" into 2 Permissions

In Permissions, Separate "View Grades" into 2 Permissions

Cold Storage

[12 votes]
Remove the ability to start a new attempt from the 'Submission Details' Page

Archived

[105 votes]

Unbundle View Prior Enrollments from Add Students PermissionsCOMPLETEDSeems to have been changed in April 2016 sometime.  Not in release notes.

Filter Terms: Sub-Account Admins Should Only See Terms For Their Sub-Account

Filter Terms: Sub-Account Admins Should Only See Terms For Their Sub-Account

Cold Storage

[12 votes]

a way to see student view for each student

Cold Storage

[62 votes]

User Activity and Analytics reports for Instructors: Exclude Masquerade activity

radar-icon1.png

Product Radar

[142 votes]
Course-Level Setting: Restrict Users to Their Own Section(s)CompletedCanvas Production Release Notes (2017-04-01) 
Protect students-->Make "send messages to individual users" a more granular permission

Cold Storage

Edit Section: Restricting students to see own section onlyCompletedCanvas Production Release Notes (2017-04-01) 
Permission Settings Report or Extract

Cold Storage

In Permissions, Add a "View Only" Permission after Course Conclusion

Cold Storage

Add course-level & account-level permissions for LTI installationCompletedCanvas Production Release Notes (2016-11-19)
Include file permission options when uploading files via Content Selector.

Cold Storage

Details no longer viewable [39 votes]
Protect students-->Make "send messages to individual users" a more granular permission

Cold Storage

Details no longer viewable

Here are some other things related to Permissions that may be useful:

TAs can now edit course settings?

Student view as a permission

Canvas Permissions for Specific Roles - Share Yours!

Hidden Canvas Permissions

Manage Profile Pictures - Permissions

Further customize instructor permissions

Course Role Permission to create Announcements?

Attendance role and permissions

What does every permission setting impact?

How to set the course details page as read only for faculty??

What does every permission setting impact?

Read SIS Permission What does this allow?

Remove "delete course" permission from teacher

What admin features would you like to see?

Help with a custom JS File??

Account Role - Permissions to view gradebook

ADA Mentor Access Role

Needed Permissions to Allow only Rubric and Outcome

managing student permissions to see folders and upload into them

Is there a permissions setting I can adjust so that a user with "Teacher" role cannot edit the name of a course?

What permissions trigger Commons admin access?

 

James Jones posted How do I see all users that have been added to subaccounts as admins? with a cool way to get a list of all of the admins and sub-account admins.

 

Canvas Beta Release Notes (2016-03-21)

The good:  Account Roles:  Import SIS Imports and Manage SIS Imports separated!

The bad:   Permanently Delete this Course added to the Change Course State

 

Delete submissions by students

See Comments:  if we could include this function into the User Permissions options then each school could control which roles have access to performing this function ( Help Admins, Teachers, T.A.'s, Students) I can see this curing a lot of concerns.

 

New Other Important Things to Remember with Roles

When you copy/duplicate an out of the box role it carries with it the category that it was copied from. In other words, if you duplicate the Teacher Role and name it "Principal" (both name and SISID) and then assign that role to a user, other users (including students) will see that user listed under "Teachers" in the People Tool and in the Conversations Tool.

 

This is bad. Why? Because a student might not know that Person X isn't really a teacher assigned to that course/section and that this person should not be contacted if you have questions or need help with course content.

 

Newly created roles should not automatically be assigned to the same role category as the role it was duplicated from. 

8 people found this helpful

Attachments

    Outcomes