Community help

elevine_1 · ‎03-10-2020

Hi there!

I'm an admin for my instance, so I'm really curious why I'm receiving this "Access Denied" message when I try to act as someone else other than students in my instance.

Does anyone know if Canvas limits who can be acted as depending on their permissions?

No one I'm trying to act as would be considered an admin, they'd be a teacher, so that's why this is even more puzzling.

Reached out to Instructure Support last week and no response.

-Erin

chriscas · ‎06-08-2023

Hi @brasmussen,

If you go to your Root Account Settings -> Feature Options area, you should see an account feature labeled "Check permissions when Masquerading as Course Admins". If you disable this option, an admin should be able to masquerade as any user. With the option enabled, the admin can only act as users if the admin account had equal or more permissions and access than the user they are masquerading as (preventing what some see as an elevation of privilege flaw). This option was added a year or two ago, after Instructure basically forced the option on and broke many Institution's processes. We disabled this option so our admins could again masquerade as anyone as we intended them to for support reasons.

Hope this helps!

-Chris

View solution in original post

TechSupport2U · ‎03-18-2022

Our support admins are also experiencing this same exact issue at this time. Submitted a ticket to Instructure and awaiting any response.

TechSupport2U · ‎03-18-2022

We received a response from Instructure about this and they advised:

I understand that your users are not able to masquerade as teachers. This is due to a correction that was made on our end. Turns out if you were acting as another user, you then took over those users' same permissions, allowing the masquerader to do things that should not have been allowed. Due to this, the masquerade feature has been restricted to only allow them to act as users that match or have fewer permissions than they do, which is why student still functions.
If your users still require access to act as teachers then you will need their role's permissions to include all the permissions on the teacher role.

nwilson7 · ‎03-18-2022

@TechSupport2U There are other threads about this issue as well. Canvas just fixed this issue: https://community.canvaslms.com/t5/Known-Issues/Admins-are-able-to-act-as-non-admin-users-with-more-...

so if your admin does not have a permission level that a teacher does have or any of the users you are trying and receiving then that is the cause. I tested this last night and it seems to still be working for me but maybe I am just getting lucky since many others are not having any luck.

-Nick

TechSupport2U · ‎03-18-2022

@nwilson7 here's the oddest part. The functionality just seemingly randomly started working again now for our admins to Act As teacher users. In a general perspective, the Admin role is an 'Account role', and itself should supercede a user's Teacher 'Course role', so the permissions thing seems an odd barrier in that functionality.

brasmussen · ‎06-08-2023

Our Canvas instance just started restricting us admins from acting as Teachers - more than a year after this thread was started.

Until recently, I assumed that ACCOUNT ADMIN roles trumped ALL of the COURSE ROLES, regardless of what specific permissions the course roles had assigned to them.

How EXACTLY do we regain this ability? What exact, specific permissions do we need to add to our account admin role (!!!) to be able to masquerade as Teachers? What permissions do Teachers have that root account admins do NOT have?

This is the most ridiculous thing I've encountered in Canvas in a long, long while.

chriscas · ‎06-08-2023

Hi @brasmussen,

If you go to your Root Account Settings -> Feature Options area, you should see an account feature labeled "Check permissions when Masquerading as Course Admins". If you disable this option, an admin should be able to masquerade as any user. With the option enabled, the admin can only act as users if the admin account had equal or more permissions and access than the user they are masquerading as (preventing what some see as an elevation of privilege flaw). This option was added a year or two ago, after Instructure basically forced the option on and broke many Institution's processes. We disabled this option so our admins could again masquerade as anyone as we intended them to for support reasons.

Hope this helps!

-Chris

brasmussen · ‎06-09-2023

Hi Chris,

Thanks for the heads up! That worked!

-Brent Rasmussen
A.T. Still University | LMS Administrator | brasmussen@atsu.edu

[ARCHIVED] Receiving "Access Denied" when attempting to "Act as User"

Archived

Questions

You're signed out

[ARCHIVED] Receiving "Access Denied" when attempting to "Act as User"

Archived

Questions

Community help

View our top guides and resources: