We have been conducting security reviews of user roles in Canvas and want to redesign the roles to allow the minimum access necessary for individuals to still be able to complete their work.
We have repeatedly struck an issue with the "Account-level settings - manage" permission, where many roles need access to the subaccounts. Some needing read only access and others manage access. But this course grained permission also enables some of the most critical features in Canvas: Authentication, Theme Editor, Account Settings and Terms.
We need Canvas to implement more granular permissions for "Account-level settings - manage" to break it down for safer delegation. At a minimum, we would like sub-account access to be removed from this role. Does Canvas have any plans to do this?