What user roles and permissions are available in Canvas?

There are two types of users in Canvas: Account-level users and Course-level users.

Canvas comes with one default Account-level user role that includes permissions that affect the entire account as well as courses. Account admins can create account-level user roles with modified permissions. For more information about account-level permissions, view the Canvas Account Permissions resource document.

Canvas has five default Course-level user roles, each with permissions that affect their ability to interact with Canvas courses. Account admins can create course-level user roles. For more information about course-level user permissions, view the Canvas Course Permissions resource document.

You can also view a video about Canvas Permissions.

Note: When you edit a permission, it can sometimes take 30 minutes or longer for that permission to take effect. If the expected changes do not appear immediately, try again after some time has passed.

Course-Level Roles

Course-level roles are roles with permissions that allow a user course-level access. Usually users with these roles cannot see more than what is in their Canvas courses.

Canvas provides five base course-level user roles that each include their own set of default permissions. You can manage the permissions according to the needs of your institution. You can also create custom course roles that are created from a base role. The Canvas base roles are:

  • Student [1] : These users are permitted to submit assignments. This permission should not be turned off for this role. Student permissions are restricted, but they have enough permissions to  access and interact with course materials. You may also grant other permissions to students.
  • Teacher [2]: The teacher role grants a user course admin permissions, giving them control over their assigned course or courses. However, institutions can revise and limit these permissions as needed, depending upon the needs of your institution.
  • TA [3]: These users have permissions similar to teachers except that TAs should not have access to SIS data. The TA role is meant to support the teacher role. Admins can manage TA permissions. For example, some institutions may permit TAs to grade student submissions.
  • Designer [4]: These users are permitted to access and create course content, including announcements, assignments, discussions, and quizzes. Designer access to student information will vary from institution to institution. However, Designers cannot access grades. If your institution does not use Course Designers, you may choose to use this role as another TA user role that has more permissions than a regular TA.
  • Observer [5]: This user role can be linked to a student user enrolled in a course. For example, parents, guardians, and/or mentors may wish to be linked to a student to view their course progress. Observers usually have the fewest permissions.

Note: All user permissions trickle down through an account. Additionally, all permissions modifications affect all users assigned to a role. You may need to create a custom course-level user role for users whose course-level permissions you would like to vary from others'.

Account-Level Roles

Account admins have the power to set permissions for all users in Canvas. Admins can create additional account-level roles with account-level permissions. The default permissions for account admins can include access to everything within the account, plus the ability to masquerade as a user.

Each sub-account has its own permissions page, so admins can create account-level roles within a sub-account and add sub-account permissions directly within the sub-account. Sub-account admins can only only manage permissions and settings for the sub-accounts to which they've been assigned. However, some permissions may not be available for sub-account users. To learn more, view the Account vs. Sub-Account Comparisons resource document.