Permissions vs. role sent over LTI

Jump to solution
DeletedUser
Not applicable

I'd like to find out how Canvas roles/permissions affect the "roles" value sent to the LTI provider when an LTI link is opened from a Canvas course. For example, I'd like to know how it might be possible to control whether the "TA" role, or custom roles derived from it, sends "instructor" in the LTI roles parameter. Is there a default matrix of which Canvas roles map to which LTI roles ("student" or "instructor" vs. anything else)?

I am working with a publisher that makes its products available via LTI. I don't have administrative access to a full Canvas "account" instance in which I can test this myself.

1 Solution
kenneth_larsen
Community Champion

 @DeletedUser , Canvas does not lump a "TA" and an "Instructor" together. Each role is identified and passed through the LTI launch. There are two POST values that are sent along with an LTI tool that list information about a user's roles: ext_roles and roles.

Each user type will result in the following being present in the ext_roles value:

urn:lti:instrole:ims/lis/Student,urn:lti:sysrole:ims/lis/User

In addition, here is how the various roles are posted to the LTI in these two fields:

RoleRole as posted in ext_roles Role as posted in roles
Studenturn:lti:role:ims/lis/LearnerLearner
Teacherurn:lti:role:ims/lis/InstructorInstructor
TAurn:lti:role:ims/lis/TeachingAssistanturn:lti:role:ims/lis/TeachingAssistant
Designerurn:lti:role:ims/lis/ContentDeveloperContentDeveloper
Observerurn:lti:role:ims/lis/Learner/NonCreditLearnerurn:lti:instrole:ims/lis/Observer

If a user has multiple roles in a course, than they will be added together. From what I understand, custom roles within Canvas are not set to pass automatically through an LTI launch. There is a way that they can be passed using the custom fields portion of LTI, but I have not played with it yet so I cannot explain how at this point.

Hopefully that helps clarify things for you.

View solution in original post