We're interested in creating a sub-account-level role (or is it an account-level role with people assigned to department sub-accounts?) for a visiting accreditation team.
Below is the list of permissions that make sense to me at first glance. This is probably more expansive than needed. I think the 4 starred items might be all that is needed. A few questions:
Thanks for any insight!
Admin Account Permissions
Statistics - view
*Courses - view list
Course & Account Permissions
*Submissions - View and make comments
Analytics - view pages
Question banks - view and link
Announcements - view
*Course content - view
*Discussions - view
Quizzes - view submission log
Courses - view usage reports
I'm going to clarify my own question.
I found the awesome permissions document (thank you, Related Content feature of the Community).
Are the permissions with the * in that document and below the underlying permissions I described before? That is to say, the document calls them un-editable, which I'm taking to mean they have to be associated with any account-level role.
If I've got that right, I think the evaluator/accreditor role would need these settings at least:
Admins - add/remove*
Submissions - View and make comments
Grades - view all grades (not sure on this one - required for Speedgrader view?)
Grades - edit (must be enabled for Speedgrader view)
Course content - view
Discussions - view
This is a good illustration of why making permissions more granular is important. Ideally we'd be able to have Submissions - View, Course content - view, and Discussions - view (in green) without the others (in red).
Am I right? Am I missing something? I'm a sub-admin, so I can't test it myself.
@kona , can you point me in the right direction?
As an update, the official decision is that this is too much access, so we won't be creating the role. Specifically the inseparability of these is problematic: