cancel
Showing results for 
Search instead for 
Did you mean: 
skhagen
Surveyor

Sub-account level role for accreditation visitors

We're interested in creating a sub-account-level role (or is it an account-level role with people assigned to department sub-accounts?) for a visiting accreditation team. 

Below is the list of permissions that make sense to me at first glance. This is probably more expansive than needed. I think the 4 starred items might be all that is needed. A few questions:

  • Does that work how I've described it?
  • I've read about there being underlying permissions of a particular role, such that when a new role is created based on that role it still has those underlying permissions. Is there a list of those somewhere? Do any of them present a risk if used by a visiting accreditation team? (The team is covered under FERPA, so that's not an issue.)
  • Am I missing any critical permissions in the list below?

Thanks for any insight!

Admin Account Permissions

Statistics - view

*Courses - view list

Course & Account Permissions

*Submissions - View and make comments

Analytics - view pages

Question banks - view and link

Announcements - view

*Course content - view

*Discussions - view

Quizzes - view submission log

Courses - view usage reports

2 Replies
skhagen
Surveyor

I'm going to clarify my own question. 

I found the awesome permissions document (thank you, Related Content feature of the Community).

Are the permissions with the * in that document and below the underlying permissions I described before? That is to say, the document calls them un-editable, which I'm taking to mean they have to be associated with any account-level role.

If I've got that right, I think the evaluator/accreditor role would need these settings at least:

Account admin*

Admins - add/remove*

Submissions - View and make comments

Grades - view all grades (not sure on this one - required for Speedgrader view?)

Grades - edit (must be enabled for Speedgrader view)

Course content - view

Discussions - view

This is a good illustration of why making permissions more granular is important. Ideally we'd be able to have Submissions - View, Course content - view, and Discussions - view (in green) without the others (in red).

Am I right? Am I missing something? I'm a sub-admin, so I can't test it myself.

 @kona ‌, can you point me in the right direction? 

skhagen
Surveyor

As an update, the official decision is that this is too much access, so we won't be creating the role. Specifically the inseparability of these is problematic:

Submissions - View and make comments

Grades - view all grades (not sure on this one - required for Speedgrader view?)

Grades - edit (must be enabled for Speedgrader view)