cancel
Showing results for 
Search instead for 
Did you mean: 
canvas_support6
Community Participant

The "Account-level settings - manage" permission is to coarse grained

Jump to solution

We have been conducting security reviews of user roles in Canvas and want to redesign the roles to allow the minimum access necessary for individuals to still be able to complete their work.

We have repeatedly struck an issue with the "Account-level settings - manage" permission, where many roles need access to the subaccounts. Some needing read only access and others manage access. But this role also enables some of the most critical features in Canvas: Authentication, Theme Editor, Account Settings and Terms. 

In order to give sub-account access and withhold access to the other features we are proposing a Javascript Theme filter that hides and inactivates the more powerful screen controls. This can still be bypassed and must be maintained over time to avoid accidental exposure.

We need a more reliable solution such as Canvas implementing more granular permissions to break them down for safer delegation. At a minimum, we would like sub-account access to be removed from this role. Does Canvas have any plans to do this?

Labels (1)
0 Kudos
1 Solution

Accepted Solutions
kmeeusen
Community Coach
Community Coach

Hi @canvas_support6 

This is not currently possible in Canvas, but you could create a new Idea Conversation for this functionality in this community.

A quick search of Idea Conversations did produce this gem: More granular permissions for admins

You can rate it, add your own use-case scenarios, or even create your own new idea.

Good luck,

Kelley

View solution in original post

Tags (1)
0 Kudos
2 Replies
kmeeusen
Community Coach
Community Coach

Hi @canvas_support6 

This is not currently possible in Canvas, but you could create a new Idea Conversation for this functionality in this community.

A quick search of Idea Conversations did produce this gem: More granular permissions for admins

You can rate it, add your own use-case scenarios, or even create your own new idea.

Good luck,

Kelley

View solution in original post

Tags (1)
0 Kudos

I added a comment and I think I rated it, but I am not sure if the rating part worked correctly.

I also added an idea for my specific use case here: 

https://community.canvaslms.com/t5/Idea-Conversations/Make-the-quot-Account-level-settings-manage-qu...

It looks like you have had these issues for 6 years, many people have commented, and you have implemented some changes. But I feel my specific issue is unlikely to be addressed for some time.

Simon