Add/remove students for the course
Per Cosme Salazar in More granular permissions for admins and In Permissions, Change "ADD, EDIT, and DELETE" into Three Separate Settings I have divided out the multiple functionality settings into their own requests. There are now 10 separate requests.
Currently this permission also includes "Allows user to view student login/sis id information.". If changed, being able to view a student's login/sis id should be covered by Read SIS Data (Why it isn't already is beyond me).
We have also been struggling with the permissions, trying to create a support role for our student workers. They need to be able to see certain account information for troubleshooting and call logging for all users and the way permissions are setup make it very difficult to give them access to the screens that contain the information they need with out giving them permissions that can actually alter the course or information.
The permissions need to be separated for each process. The administration should be able to decide who can add or who can delete students or courses.
This is an issue for our support staff as well!
Is there a secret decoder ring that shows when a certain permission includes other permissions with the setting? I've run into this a few times and it forces me to give a higher level of permission than desired. For example: the ability to delete sections when I want supervisory faculty to be able to simply see unpublished course content.
There is this guide Canvas Account Role Permissions that is supposed to explain which permissions have unseen items associated with it.
There is also one for Canvas Course Role Permissions.
To piggy-back on these great suggestions, I'd also recommend that the "View all students' submissions AND make comments on them" be split into two permissions. At Baylor, we use Dropout Detective by AspirEDU. Their system needs to be able to see if students have submitted assignments. However, in order to let them view student submissions, I have to enable “View all students’ submissions AND MAKE COMMENTS ON THEM” (emphasis mine).
I recommend making this a separate request so we can vote on it. :}
No thanks. See this thread . I'd rather get my comments before the developers in this stage of gathering info.
Rationale: Permissions needs to be unbundled to allow for different permissions based on functional role.
Rationale for Stanford: We would likely want more teaching staff users to be able to add students/guests, but would want to prevent accidental deletion by TAs, perhaps even instructors.
This is a huge problem for us.
We generally have a high bar for adding new permissions as they increase the complexity and cost to implement new features. I think the most compelling argument in this thread is by @gladysie regarding what permission allows a user to view SIS information (and how it should be managed by the "Read SIS Data" permission).
Are there other reasons certain users need to be able to add a user to a course but not remove the same student from the same course? If not, I'm inclined to archive this issue.
Deactivated user not all classes are purely academic in nature. Some are for support (and probation) or pre and post testing. Those students need to be ADDED but never DELETED so that the record of their interactions is easily found by all those who have access to those courses.
If you delete them, there is no proof the student was in that course (as not everyone has access to logs and page views) unless you add them back and their activities return.
Also, this Idea has nothing to do with reading SIS Data (which is a BUG with the current set of permissions). This has to do with Teachers, Course Designers, and TAs adding and/or deleting a student from a course.
Deactivated user you said:
"We generally have a high bar for adding new permissions as they increase the complexity and cost to implement new features."
Please explain what you/Canvas mean by a "high bar"? Is it how many users are impacted? How many institutions? Also, how does it, if it does, relate to user votes and comments on an Idea? When my director asks me what that means, I'm going to need an answer as defined by your team.
I agree with everything that cms_hickss said in her post above.
We also have some classes that are not purely academic. They could be managed manually or perhaps it could be managed via SIS, depends on the use case. If the student is removed from the course, then the instructor loses all data related to the student unless the student is reinstated.
Faculty will also do all kinds of weird things if they have access to. If there is a button to click on or an option to check, they will find it and then wonder why it's messed up.
We want to be able to control who has access to +People - so who can add students, and who can add teachers, etc to the class.
We also want to be able to control who can edit a user separately from who can inactivate/delete a user from the course:
Hope that makes sense.
Thanks for the smile, re: "...they will find it and then and wonder why its messed up."
This idea will be considered, along with several others, when we engage in a deep dive and audit of our permissions in Canvas this coming summer. If you are interested in participating in this discussion, please shoot me an email: email@example.com As we consider all of the possible permission granularity requests (see Canvas Permissions and Granularity Feature Ideas), we will be considering a number of different factors, including the COST and the BENEFIT of making a change:
What extra work will be required in the Canvas app if we break out this permission?
What is the level of engineering effort required to implement this permission split?
What will it mean for us to support this new permission indefinitely as we add new features?
What use cases would this granular permission support?
How many of our existing customer require support for each of those use cases?
These are not the only considerations, but I mention this line of reasoning because between now and the summertime when we start to dig deep into this topic, voters on this thread have a big role to play in persuading us of the potential benefits to admins and users. Your votes and comments will help us to measure the percentage of our customer base that will actually use the permission split, if implemented.
Bottom line: Keep those votes, comments and use cases coming! They will be very valuable when it comes time to decide which requests to prioritize.
We need some support for our case that the permissions available in Canvas are not sufficient for our needs. Above is the update that Allison Weiss posted to many of our feature ideas. She is asking for use cases for granularity and we really need to justify each and every one. I made a document to track discussions and feature ideas related to permissions:
Canvas Permissions and Granularity Feature Ideas
This is the sort of information that would assist in getting these changes made during this permissions audit. This information would need to be added as comments to the individual feature ideas, and if it needs to be pasted to more than one, then please do that. I know it's tiresome to post the same thing again and again, even though someone else has already done it, but they need to see that it's not just 5 people with these issues! We haven't gotten much traction because we haven't had enough use cases posted but my document above seems to have gotten some attention.
I'm also tagging @kona and cms_hickss since they have been so involved in getting attention to these feature ideas.
As many have pointed out here having the Read SIS data permission tied to the Add/remove students is problematic. I think there are several use cases.
Custom roles - Creating custom roles and applying permissions as desired with the right level of access. People who support teachers and students need access to this data to help troubleshoot issues.
Teacher role - They need to see SIS data to make sure this matches the enrollment is the SIS(Datatel) roster. We don't want instructors adding/dropping students from Canvas since enrollment happens officially through the SIS.
In terms of cost for us, it means people in the teacher role in our system do not have access to some data that is helpful to their jobs. We are small institution so it doesn't impact us as much as it does for larger institutions. I can see how this can quickly become nightmare. For us the limitation means we probably won't expand our use of Canvas for other things until we have better permissions in place.
Big hug/ high five for mentioning this about the Read SIS data permission.
How do idea conversations work in the Canvas Community?
What is the feature development process for Instructure products?
How do I create a new idea conversation in the Canvas Community?