Some of our learners have created portfolios, made them 'public' and shared the urls so that they can be accessed by tutors and our quality assurance team.
However, it is possible for learners to gain access to other learners' portfolios by a process of trial and error if they change and experiment with the last two digits of the url. Obviously, we would hope that learners would not do this but it represents a potential security breach.
Is there a way around this? If learners make their portfolios 'private' is there a way to give access to authorised users such as their tutors while eliminating the risk of others gaining access without permission?