Auditing and cleaning up permissions

Community Explorer

Hi everyone! Our institution has been using Canvas since 2013, and we are looking to do an audit of all of the Account roles, their corresponding permissions, and who has been given those roles We have noticed that the number of unique account roles has been creeping up over the years, and we decided that it would be useful to review these settings to ensure that we do not inadvertently give folks higher permissions than they need or should have. We also have multiple individuals with the Account Admins role, which is probably not best practice. 

Has anyone in the group performed this type of audit, and if so, would you be willing to share your process and philosophy? What do you consider to be best practice in this regard? How many individuals have the Account Admin role at your institution? How many other account roles do you have in place? And do you prefer to manage the Account roles at the root account as opposed to at the subaccount level? These are just a few of the questions that have come up as we embark on this project. 

Thanks in advance for your input!

- Ursula