[ARCHIVED] The "Account-level settings - manage" permission is to coarse grained

Jump to solution
canvas_support6
Community Explorer
‎06-09-2021 09:36 PM

We have been conducting security reviews of user roles in Canvas and want to redesign the roles to allow the minimum access necessary for individuals to still be able to complete their work.

We have repeatedly struck an issue with the "Account-level settings - manage" permission, where many roles need access to the subaccounts. Some needing read only access and others manage access. But this role also enables some of the most critical features in Canvas: Authentication, Theme Editor, Account Settings and Terms. 

In order to give sub-account access and withhold access to the other features we are proposing a Javascript Theme filter that hides and inactivates the more powerful screen controls. This can still be bypassed and must be maintained over time to avoid accidental exposure.

We need a more reliable solution such as Canvas implementing more granular permissions to break them down for safer delegation. At a minimum, we would like sub-account access to be removed from this role. Does Canvas have any plans to do this?

Labels (2)
Labels
0 Likes
1 Solution

Jump to solution
kmeeusen
Community Champion
‎06-10-2021 10:26 AM

Hi @canvas_support6 

This is not currently possible in Canvas, but you could create a new Idea Conversation for this functionality in this community.

A quick search of Idea Conversations did produce this gem: More granular permissions for admins

You can rate it, add your own use-case scenarios, or even create your own new idea.

Good luck,

Kelley

View solution in original post

0 Likes