[Analytics] User Activity and Analytics reports for Instructors: Exclude Masquerade activity

Status: Added to Theme Submitted by on ‎11-10-2015 11:34 AM
@For federal and state financial aid reasons, we need very accurate reporting of user activity.  It appears that the activity performed by an admin while masquerading is showing up on the user access report for the course and for the user activity on the people page, which are the places that faculty look to determine the last date of attendance for an  course. We know that Canvas Data has been released, but accurate user activity history needs to be in the hands of faculty as part of the normal business practice of reporting grades and last dates of attendance.

 

This idea is specifically to exclude any activity performed while masquerading from reports that instructors see, as well as provide easy access of information to admins about who performed these actions. 

 

Reports for Faculty

We are concerned because the reports that faculty see in the courses currently show any activity done while an admin masquerades as a user as the user's activity.  You can see the examples of this below in the screenshots.

 

As you can see below, it specifically states that this information would record as the admin performed them and not as the user. This essentially negates the usefulness of the “masquerade as user” functionality since it would adversely affect the user activity record and therefore the information that we report to auditing authorities.

127984_canvas1.jpgcanvas1.jpg

 

In the documentation at How do I masquerade as a user in an account?, it states that:

 

While you are masquerading, you can act like the user. You will see what the user sees, but the audit reports will show that you performed those tasks and not the actual user.

 

These course-level reports are the only way that faculty can get a last date of attendance and this isn't accurately displaying since it looks like the student did this. I was chatting with support and he said that "You will see the mark when they begin masquerading in the users account on the user page views with a /masquerade."

 

However, these audit logs are only available to Instructure support and not to the Instructors or even institution admins.

 

After reviewing this information with some help from our next level support we were able to determine the documentation saying that we(instructure) would be able to check our logs and see who did the masquerading and that it was not the students but the person masquerading. Unfortunately this is not associated with reports that are run by the institution. It is in the wording of the documentation that the confusion can be made. when it says You can take any action as though you are the user but the audit logs will show that you performed the tasks while masquerading. This you is referring to Instructure. Your desire for the logs to reflect correctly the masquerading is a great idea and I would love to have you input a feature request for this here: https://community.canvaslms.com/community/ideas/feature-ideas

 

User report of last activity on People page (prior to masquerading):

127985_canvas2.jpgcanvas2.jpg

  127986_canvas3.jpgcanvas3.jpg

After masquerading:

 

127987_canvas4.jpgcanvas4.jpg

127988_canvas5.jpgcanvas5.jpg

 

Reports for Admins

Additionally, we would like to request that the “Page Views” area on the users screen for admins by default exclude any masquerade activity.  This activity can be downloaded in the CSV file and is irrelevant in almost any case that we would be researching, or at least make it VERY obvious who performed this action.

127989_canvas6.jpgcanvas6.jpg

 

Please note that I spoke with two support agents yesterday who told me that the audit logs are available only to instructure support and not institution admins but it looks like this information is shown on the CSV file download on the Page Views screen for admins.

Added to Theme

Organize and manage data more efficiently Theme Status: Identified

38 Comments
cms_hickss
Community Coach
Community Coach
‎04-19-2016 06:56 AM

Part of me really doesn't want the masqueraded items in the page views but the other part does especially since it would be the proof that someone else was in the "student's shoes" (so to speak). So I really like the idea of a marker in the Page Views that makes it clear an item is a masquerade activity/item. It would also be great if on hover (or download) it gave user information for who did the masquerading.

Sylvia_Ami
Community Contributor
‎09-14-2016 10:10 AM

Hi Deactivated user​ - Do you have an update on your comment from 3/24/16 where you said, "Canvas Data now captures the real_user_id in the requests data (page views).  Any reports using Canvas Data can make use of this, which enables you to filter out masqueraded activity.  In addition, we plan to surface this when we redo the existing Canvas reports and dashboards (date: TBD)."

What is the status of redoing Canvas reports and dashboards? Has this already taken place? If not, do you have a timeline? Here is what I'm looking for:

  • I need to know if faculty there is a way a teacher can tell if a student's activity was the actual student vs. an admin masquerading as the student. For example, when a teacher looks at an access report for a student, will there be an indication that that page was from an admin masquerading?
  • Also, when an admin go to a user's account details and looks at page views, will there be an indication of the page was via masquerading? Will this be in the UI and/or the csv file?

Does anyone have an update on the idea that  @millerjm ​ initiated (Nov. 10, 2015)? Thanks.

millerjm
Community Champion
‎09-14-2016 10:25 AM

Hey  @Sylvia_Ami ​​:

Chris's comment about Canvas Data is the only response from Instructure to this feature request.

To address your specific questions...Faculty/Teachers have no way to tell if the student's activity was the actual student vs. an admin masquerading.

Admin masquerading activity is not excluded nor indicated on anything except for the CSV file that can be downloaded on User Account Details by an administrator.  There is a field on the CSV file for real_user_id which will indicate who took the action on behalf of the user.  Otherwise, it is in Canvas Data, which is also not accessible by instructors. 

This is a huge problem and instructors are not given the entire story when viewing the page view information. 

Sylvia_Ami
Community Contributor
‎09-14-2016 11:11 AM

Thank you  @millerjm ​.  I just tested this out and came to the same conclusion. Since your initial post and most of the activity in this discussion was several months ago, I was hoping that an update had occurred since then but not so. Until improvements are made on the data in the UI, admins will have to look at the Page Views csv file each time a student's activity is in question.

We have three colleges in our district and we are all in one Canvas instance. We have a few people at each college with admin access. I'm very nervous about that since anyone could masquerade as another user without the others knowing. Teachers will not be able to rely solely on the data they see on the People page (Last Activity column) and Page Views. Like many others who have responded in this discussion, teachers need accurate data available to them. Our immediate need is accurate user activity data in order to determine student's activity and Last Data of Attendance (LDA) for federal reporting purposes.

One consolation is that if an admin masquerades as a student and goes to course #1, it doesn't not affect the data a teacher sees in course #2.

millerjm
Community Champion
‎09-14-2016 11:19 AM

 @Sylvia_Ami ​, I would suggest having a conversation with your CSM about this and let them know about the importance of accuracy for this data for federal reporting purposes.  It's obviously important to many institutions since my idea got 131 votes...

Renee_Carney
Community Team
Community Team
‎10-28-2016 03:54 PM
  Idea is currently in Product Radar Learn more about this stage...
Renee_Carney
Community Team
Community Team
‎11-06-2017 01:31 PM

In the Canvas Beta Release Notes (2017-11-06) there is a section titled Act as User Audit Log Message.

The new message states

In the Act as User page, the page description includes clarification that audit logs record information about any user who acts as another user: However, audit logs record that you were the one who performed the actions on behalf of this user.

 @millerjm ‌

I'm particularly interested to hear if "However, audit logs record that you were the one who performed the actions on behalf of this user." meets your needs?

millerjm
Community Champion
‎11-07-2017 09:44 AM

Hi  @Renee_Carney ‌, no, this doesn't really take care of this problem.  Thanks for checking. If a staff member or Canvas support logs in as the student and clicks on their class, then the instructor would see that the student logged in to the class and created activity, even though the LOGS show that it was done by an admin.  The instructor never sees that this action was performed by anyone other than the student, which is still a huge problem.   

Joni

Nancy_Webb_CCSF
Community Champion
‎11-10-2017 11:42 AM

I agree with  @millerjm  instructors can't see audit logs.  We try to always be careful and not do anything in Masquerade that would affect the instructor's view of student activity (using Test or Beta environments whenever possible for example, or only masquerading as a student who's visited the class recently), but it would be much better if such activity were marked in access reports. 

(Would be great if instructors could see audit logs for activity in their own classes, but even then would be better if access reports showed that certain actions were done by masquerade activity.)

ChrisMedina
Community Participant
‎05-17-2018 01:06 PM

Why has this still not been addressed?