New! July 9, 2018
- Posted by Erin Hallmark: Permissions Name Updates (2018-07-14 Canvas Release) - the Permissions page includes updates to permissions names, which have also been grouped according to function. No permissions functionality has been affected.
- The new User Interface for the Permissions Page will hit production with the July 14th, 2018 update.
You can find when Canvas updates a permission by following Canvas Permission Updates.
Granular Permissions now has a Canvas Studio area: Priority: Granular Permissions
Exciting new update:
See Granular Permissions Designs for information about work currently being done based on our feedback to implement changes to permissions to make them more granular!
Background
The original Feature Idea that kicked off all of these was posted by @kona with 306 votes and was archived because it was too general of a request. It was also one of the Top Two Most Important Feature Ideas/Bugs/Issues for Canvas Admins. Now on PRODUCT RADAR.
cms_hickss made another feature idea: which was also deemed too general. This kicked off a lot of other feature ideas, which are listed below.
(archived) and the later (Product Radar) would make permissions much easier for admins to manage.
Blog Post on Let's Talk More Granular User/Role Permissions which discusses the difference between user roles and permissions and what exactly is meant by the word granular.
Need and Rationale
Permissions is/are a big deal for institutions and when we have no ability to control permissions it creates a lot of extra work for admins and instructional technologists fixing what people break on accident.
These permissions requests adds up to hours of work each week either cleaning up messes or not giving people access to things because the permissions are so broad that we can't give them access, which then means that the work falls back onto canvas admins or instructional technologists. Either way, we need a better way of granting/controlling permissions for users. JS and CS overrides do not work consistently and are ineffective for enforcing permissions to view buttons, etc.
March 2016 update from Allison Weiss
This idea will be considered, along with several others, when we engage in a deep dive and audit of our permissions in Canvas this coming summer. If you are interested in participating in this discussion, please shoot me an email: allison@instructure.com As we consider all of the possible permission granularity requests (see Canvas Permissions and Granularity Feature Ideas), we will be considering a number of different factors, including the COST and the BENEFIT of making a change:
THE COST
What extra work will be required in the Canvas app if we break out this permission?
What is the level of engineering effort required to implement this permission split?
What will it mean for us to support this new permission indefinitely as we add new features?
THE BENEFIT
What use cases would this granular permission support?
How many of our existing customer require support for each of those use cases?
These are not the only considerations, but I mention this line of reasoning because between now and the summertime when we start to dig deep into this topic, voters on this thread have a big role to play in persuading us of the potential benefits to admins and users. Your votes and comments will help us to measure the percentage of our customer base that will actually use the permission split, if implemented.
Bottom line: Keep those votes, comments and use cases coming! They will be very valuable when it comes time to decide which requests to prioritize.
July 27 Update from @Renee_Carney
Greetings, Partners on Permissions
Thank you for the time, energy, experience, and knowledge you have put into these threads. The granulated permissions threads have been open and gathering information for almost a year now. This extra time has allowed our team to collect important feedback and perspectives. Each of the permissions threads contain valuable stories that will help inform development if/when a project is allocated for. Having worked with Allison on these, and now working with Matt G., I know that the product team is sincerely interested in improving permissions, however the magnitude and impact of such a project does not make it one that is easy to squeeze in. We will be archiving these permissions threads for now. Archiving these threads does not mean they are forgotten; they are set aside, while they are inactive projects on our roadmap. The ideas are monitored, so you can continue to add your examples and use cases to the dialogue. Please follow this thread to receive updates when they are available.
Again, thank you for the rich conversation!
Permissions/Granularity Feature Ideas
| Feature Idea | Status | Instructure Response/Related Ideas | |
|---|---|---|---|
| New Tool with one permission: Blueprint Courses (create / edit / associate / delete) | No Idea Opened | Tool added with singular permission to system in July 2017. | |
Product Radar [163 votes] | It is clear that the accidental deletion of files is the biggest concern here. As I research a possible solution, is it safe to say that leaving Add and Edit permissions together would not be a concern? | ||
Product Radar [144 votes] | This seem like another situation where the primary concern is the delete functionality. I will see what kind of effort this would be and will post an update there. | ||
Product Radar [176 votes] | It seems like most of the concerns regarding this permission are related to the deletion of course sections. If users were limited from deleting SIS created sections, would that solve the problem without further changes? | ||
Product Radar [123 votes] | January 2016 update from Mccall Smith: After doing some research we have determined that there is a need for unbundling several permissions. The permissions project is a bigger beast than I originally thought. I know this isn't something we will be able to work on for next 3-6 months but will revisit this. | ||
Product Radar [182 votes] | Are there other reasons certain users need to be able to add a user to a course but not remove the same student from the same course? If not, I'm inclined to archive this issue. | ||
Product Radar [144 votes] | February 2016 update from Allison Weiss: Thanks, everyone for your comments. I will archive this idea for now. But the big takeaway here is that the DELETE permission should generally exist apart from the CREATE and EDIT permissions. Lesson learned and we'll see how we might apply that principle going forward. | ||
Product Radar [166 votes] | January 2016 update from Jason Sparks: | ||
Product Radar [146 votes] | ...I have a follow-up question to your use case of students moderating class discussions. Does that mean that for one discussion and one discussion only, you would like to set a student as a "Discussion Leader"? Or is this more like a TA where you have a permission set that persists throughout the course? | ||
Product Radar [155 votes] | I understand the reasons why it would be helpful to separate out the delete permission. I'm looking into how big the effort would be and will post an update here. | ||
Product Radar [217 votes] | It seems like the group consensus is that it would be more important to separate out the "remove" permission more than separating the management of teachers from the management of TAs and Course Designers. Would that be a fair description? If there were two permissions, "Add other teachers, course designers, TAs, and Observers to the course" and "Remove teachers, course designers, TAs, and Observers from the course" would that be sufficient for your institution? | ||
Product Radar [158 votes] | February 2016 update from Allison Weiss: Thanks, everyone for your comments. This is an idea I will archive for now. But the big takeaway here is that the DELETE permission should generally exist apart from the CREATE and EDIT permissions. Lesson learned and we'll see how we might apply that principle going forward. | ||
Archived [13 votes] | |||
Commons Permissions (Account Roles) | Cold Storage
[15 votes] | ||
New account level permission needed, "View sub-account" permission | Cold Storage [17 votes] | ||
Permissions for Designer or TA role to upload SCORM content | Cold Storage [3 votes] | ||
A permission setting that controls whether a particular role will receive notifications and announcements | Cold Storage [5 votes] | ||
In Account level Groups, allow more permissions Leader vs. User | Cold Storage [19 votes] | ||
Course level permission to view all course content | Cold Storage [closed without voting] | Was told this should be part of | |
Separate permissions for course developing and course delivering | Cold Storage [closed without voting] | Was told this should be part of | |
TA to have grading access but not gradebook access | Cold Storage [12 votes] | ||
Commons Admin - Need option to give access by role | Cold Storage
[16 votes] | ||
Disable Changing Course Start and End Dates | Cold Storage [19 votes] | Disable Changing Start/End Dates | |
Disable Changing Start/End Dates | Cold Storage [15 votes] | Disable Changing Course Start and End Dates | |
Outcome Delete Permissions for Teacher Role (Course-Level) | Cold Storage [6 votes] | ||
Masquerade as View-Only or Options | Cold Storage [21 votes] | ||
Remove "Students" from inbox list when "Send Messages" permissions are disabled | Cold Storage [4 votes] | ||
Limit visibility to Section Users | Cold Storage [48 votes] | Not authorized to view the specified document 2879 ??? - Is this completed by Canvas Production Release Notes (2017-04-01) ? I can't read the feature idea since it's in cold storage. | |
Let observers see discussion comments for only their student | Cold Storage [14 votes] | ||
In Permissions, Add View Files and Access Class Rolls | Cold Storage [5 votes] | ||
In Permissions, Separate "View Grades" into 2 Permissions | Cold Storage [12 votes] | ||
Product Radar [105 votes] | |||
Filter Terms: Sub-Account Admins Should Only See Terms For Their Sub-Account | Cold Storage [12 votes] | ||
| a way to see student view for each student | Cold Storage [62 votes] | ||
Product Radar [153 votes] | |||
| Protect students-->Make "send messages to individual users" a more granular permission | Cold Storage | ||
| Completed | Canvas Production Release Notes (2017-04-01) | ||
| Permission Settings Report or Extract | Cold Storage | ||
| In Permissions, Add a "View Only" Permission after Course Conclusion | Cold Storage | ||
| Include file permission options when uploading files via Content Selector. | Cold Storage | Details no longer viewable [39 votes] | |
| Cold Storage | Details no longer viewable | |
| https://community.canvaslms.com/ideas/8201 | Archived [12 votes] | ||
| https://community.canvaslms.com/ideas/8354 | Archived [11 votes] | ||
Archived [40 votes] Archived [32 votes] | |||
| https://community.canvaslms.com/ideas/2477 | Archived [12 votes] | ||
| https://community.canvaslms.com/ideas/9044-blueprint-permissions-make-them-exclusive-for-course-edit... | Open for Voting | ||
| https://community.canvaslms.com/ideas/8987-allow-observer-permission-to-view-analytics-pages | Open for Voting | ||
| https://community.canvaslms.com/ideas/9332-account-role-with-no-elevated-access | Open for Voting | ||
| https://community.canvaslms.com/ideas/8322 | Archived [16 votes] | ||
| https://community.canvaslms.com/ideas/3282 | Archived [29 votes] | ||
| https://community.canvaslms.com/ideas/4639 | Archived [17 votes] | ||
| https://community.canvaslms.com/ideas/7917 | Archived [7 votes] | ||
| https://community.canvaslms.com/ideas/1051-default-notification-settings-profiles-by-user-role | Open for Voting | ||
| https://community.canvaslms.com/ideas/8354 | Archived [11 votes] | ||
| https://community.canvaslms.com/ideas/8695-select-all-permissions-option | Open for Voting | ||
| https://community.canvaslms.com/ideas/8338 | Cold Storage [33 votes] | ||
| https://community.canvaslms.com/ideas/8350 | Archived | ||
| https://community.canvaslms.com/ideas/7424 | Archived | ||
| https://community.canvaslms.com/ideas/4382 | Archived [4 votes] | ||
| https://community.canvaslms.com/ideas/7222 | Archived [39 votes] | ||
| https://community.canvaslms.com/ideas/3436 | Archived [15 votes] | ||
| https://community.canvaslms.com/ideas/7048 | Archived | Determined to be a bug, no update. | |
| https://community.canvaslms.com/ideas/2468 | Archived [13 votes] | ||
| https://community.canvaslms.com/ideas/1566 | Archived | ||
| https://community.canvaslms.com/ideas/8806-course-level-permissions-for-startend-date | Open for Voting | ||
| https://community.canvaslms.com/ideas/6088" modifiedtitle="true" title="Protect students-->Make "... | Archived [4 votes] | ||
| https://community.canvaslms.com/ideas/5892 | Archived [18 votes] | ||
| https://community.canvaslms.com/ideas/5911 | Archived [9 votes] | ||
| https://community.canvaslms.com/ideas/7504 | Archived [2 votes] | ||
| https://community.canvaslms.com/ideas/2017 | Archived [37 votes] | ||
| COMPLETED | Also similar to this archived idea: Add new role permission - Post to Announcements | ||
| COMPLETED | Canvas Production Release Notes (2016-11-19) | ||
| COMPLETED | Commons Release Notes (2015-11-23) | ||
| COMPLETED | Seems to have been changed in April 2016 sometime. Not in release notes. | ||
| COMPLETED | Canvas Production Release Notes (2017-04-01) |
Here are some other things related to Permissions that may be useful:
TAs can now edit course settings?
Canvas Permissions for Specific Roles - Share Yours!
Manage Profile Pictures - Permissions
Further customize instructor permissions
Course Role Permission to create Announcements?
Attendance role and permissions
What does every permission setting impact?
How to set the course details page as read only for faculty??
What does every permission setting impact?
Read SIS Permission What does this allow?
Remove "delete course" permission from teacher
What admin features would you like to see?
Account Role - Permissions to view gradebook
Needed Permissions to Allow only Rubric and Outcome
managing student permissions to see folders and upload into them
What permissions trigger Commons admin access?
Sub-account admins being denied permissions
Permissions for Head of Faculty
Create roles/permissions at the course level
How can I prevent teachers editing the course homepage?
Are your students able to hack a hidden People page?
James Jones posted How do I see all users that have been added to subaccounts as admins? with a cool way to get a list of all of the admins and sub-account admins.
Canvas Beta Release Notes (2016-03-21)
The good: Account Roles: Import SIS Imports and Manage SIS Imports separated!
The bad: Permanently Delete this Course added to the Change Course State
See Comments: if we could include this function into the User Permissions options then each school could control which roles have access to performing this function ( Help Admins, Teachers, T.A.'s, Students) I can see this curing a lot of concerns.
Other Important Things to Remember with Roles
When you copy/duplicate an out of the box role it carries with it the category that it was copied from. In other words, if you duplicate the Teacher Role and name it "Principal" (both name and SISID) and then assign that role to a user, other users (including students) will see that user listed under "Teachers" in the People Tool and in the Conversations Tool.
This is bad. Why? Because a student might not know that Person X isn't really a teacher assigned to that course/section and that this person should not be contacted if you have questions or need help with course content.
Newly created roles should not automatically be assigned to the same role category as the role it was duplicated from.
New! Granular Permissions now has a Canvas Studio area: Priority: Granular Permissions
- Posted by Erin Hallmark: Permissions Name Updates (2018-07-14 Canvas Release) - the Permissions page includes updates to permissions names, which have also been grouped according to function. No permissions functionality has been affected.
- The new User Interface for the Permissions Page will hit production with the July 14th, 2018 update.
