Community Help

bclauss · ‎10-21-2021

I'm developing an LTI that I'd (ideally) like to give only certain users access (and visibility) to.

I know that I can choose "Admins" when creating the cartridge to limit access to just the Admins, but this also allows teachers and TA's to see and have access to the LTI.

Is there a way to configure Canvas so that only certain users can see (and access) my LTI?

I know that I can restrict access in the backend by querying the request header for the user and comparing that to an internal list in the application. I would much rather hide the LTI altogether from unauthorized users if possible.

Thank you,

Bryan

robotcars · ‎10-21-2021

I'm a little rusty on LTI, but there's a difference between Course placement and Account Placement. If you do it in a Course, teachers have access. If you do this in an Account, only the account Admin would have access.

matthew_buckett · ‎10-22-2021

There's an undocumented (use at your own risk) property you can set on the LTI registration to have Canvas perform a permission check before showing the user the LTI. The key is to have a property called:

required_permissions

and set this to a Canvas permission that only some users have (list of roles on: https://canvas.instructure.com/doc/api/roles.html#method.role_overrides.add_role). We do this for LTI 1.3 tools, there's no way in the UI to configure this without editing the JSON for a tool. So if you configure your LTI Developer Key and then switch to the JSON view of the tool, update the placement section to have the something like this:

               "placements": [
                   {
                       "placement": "account_navigation",
                       "message_type": "LtiResourceLinkRequest",
                       "required_permissions": "manage_account_memberships"
                   }
               ]

This is for a tool deployed in the account navigation, but it also works in other placements. If you specify multiple permissions separated by commas then all of them are required. The code that does the check in Canvas is here: https://github.com/instructure/canvas-lms/blob/f8fe687c145a8e98a6bf7d935cc8cc9fef144dfb/app/models/c...

This also works for LTI 1.1 tools by either editing the tool through the REST API or by specifying it through the XML when creating the LTI tool.

JHarrisonACU · ‎03-16-2023

Hi Matthew
This sound exactly what I'm looking for thank you. Unfortunately our tool provider has used 1.1 so we are on XML.

Do you know if the placements -> required permissions would be possible with XML?

We are looking to make a tool available to 2 of say 5 custom roles and the visibility options of "admins, members, etc." is too broad.

Thanks

Jesse

matthew_buckett · ‎03-17-2023

Yep the required_permissions works fine for LTI 1.1 tools (in most placements) you can add the attribute to the XML for the placement you want the additional permission check, or you can add the field using the external tools REST API.

matthew_buckett · ‎03-27-2023

I have a Canvas Idea open for supporting required_permissions in more placements: https://community.canvaslms.com/t5/Canvas-Ideas/Admin-Tools-Support-required-permissions-on-more-pla...

agschmid · ‎03-27-2023

Unfortunately it looks like we have to wait until October to vote on this?!

https://community.canvaslms.com/t5/Community/How-do-Ideas-and-Themes-work-in-the-Instructure-Communi...

Open for Voting windows are generally in February and October so the prioritized themes can be delivered prior to the start of the new calendar year and back to school, as illustrated below.

jmerlenbach2 · ‎06-12-2023

For those interested, I opened a ticket with support about this tool configuration and was told that it was fully supported for LTI 1.3, but unsupported for LTI 1.1, based on its presence/mention on this page.

Limit LTI access to certain users or just Canvas Admins

access

development

LTI

Is it possible to set default grades/post grades f...

Displaying a video within an iframe within a detai...

Error 403 when accepting enrollment invitations vi...

Error 403 when accepting enrollment invitations vi...

Need guide for ui app

Make People Photos Larger

Setting user-observer pairing via upload or API wi...

New quizzes questions bank via rest api

Random NXDOMAIN Errors When Accessing Canvas APIs

Disabling the "unpublish" option

You're signed out

Limit LTI access to certain users or just Canvas Admins

Community Help

View our top guides and resources: