cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Community Member

Too many Canvas admins - suggestions?

Hi Canvas community (especially admins),

Our Canvas instance has 26 global admins (of 200+ employees), making it *seem* like an abnormally large number (>13% of our employees are Canvas admins!). Of these, most are non-technical people who simply need default access to each and every course to monitor what's happening in there, and are not really administering Canvas. To me, it seems like this could invite accidental trouble if one of them accidentally does something catastrophic.

Question 1: Is the number of global admins too big?
Question 2: If yes, what would/should be an ideal number of admins?
Question 3: Is there an alternative to making some of these global admins into "observer admins"? (they can't make any changes, but they can observe every course)

Question 4: Are there any best practices or suggestions on how this can be managed?

Thanks in advance.

8 Replies
Highlighted
Community Coach
Community Coach

Hi kunal.ashar@emeritus.org

As you noted, there can be lots of reasons why an account can have many Admins. But you can also manage the permissions of all those admins to minimize risk..Learn how at How do I set permissions for an account-level role? You might also want to refer to https://community.canvaslms.com/docs/DOC-10830-421473662 Rather than simply creating another admin, you can create a new account level role to meet a specific need, and grant the appropriate permissions.

I hope this helps,

Kelley

Highlighted
Community Advocate
Community Advocate

Hi Kunal,

While we can't as a community say if 26 is too high or not because each school is setup differently and can use Canvas as they feel best servers their needs, we can help you with how we have set ours up.

For my school we have 4 true account admins. For those who need to be able to see all courses we have created a role called Manager. Which gives them access to every course but not the true admin functions (changing permissions, adding users to production courses, etc.)  This seems to work well for us because if there is a change that needs to be made there are very few people who have the permission or would be involved in making that type of global change. 

If you have more specific questions about how the role is setup or used let me know and I'll be glad to address your specific questions. 

Highlighted
Community Coach
Community Coach

kunal.ashar@emeritus.org, I would agree with what has already been said. Each school has its own set up, so I can’t say if what your school is doing is right/wrong. Yet, as a frame of reference we have 4 global admins, but only 3 really do anything in Canvas. All other observing and checking by other people is done as part of sub accounts, which we set up specific permissions for the sub account admins so they can do what they need to do, but not everything a full admin can do. 

Hope this helps!

Highlighted

This is exactly how we do it. I am the "true" admin, but there are 3 others in IT that can access the same as myself. They do not do that on a day to day basis, unless I am out of the office, but even then they will check with me first if it is a major change. Mostly the other admins have access to address technical issues in Canvas, or to help a person with access. We also have other admins that we have set special permissions for doing the SIS integrations, but at most we have only two people that have those permissions. If anyone else needs access to see all of a certain class (say English), we give them access as an admin at the sub-account level.

Highlighted
Community Member

Thank you for your responses, kona@richland.edu‌, bneporadny@southcollegetn.edu‌ & kelley.meeusen@cptc.edu‌. While I'm aware of [custom] roles (I've created several in the past), my challenge is that I need a way for certain people in my organization (who are currently global admins) to be *automatically* added by default, as, say, a custom role (or an Observer) to each and every new course that is created.


So far, every time a new course is created, the course creators neglect/forget to add a bunch of people to the courses [as observers]. To bypass this, those "forgotten" people were made global admins, so that they get access by default to any new course that is created. Unfortunately, the number of such people who need "Observer" access to *every* course has grown to 10-15, and all of them have been made global admins.

Now, my Canvas instance is saddled with 26 global admins, all of whom really need to be Observers, but are [dangerously] global admins. Is there a way to make them all Observers, by default, for every course that is created? The long answer is probably "set up a process", but that hasn't worked so far.

Highlighted

Actually, never mind. I think I know what you mean when you say, set up Account Roles. I set up a custom account role of a "Limited Observer" and assigned that role to the "Global Observers" in my organization. I'm assuming that this will add them by default to all new (and existing) courses as Observers with limited permissions.

Highlighted

If you set up subaccounts then the admin for that subaccount would automatically have access to any courses added to that subaccount. You wouldn’t need to add the person to the courses, they would have access per them being an admin for that subaccount.

Example: Out culinary Director is an admin for the culinary subaccount. Very culinary class is in the subaccount (past, current, and newly created), so the culinary Director has automatic access to the courses without anyone needing to add him to anything.  

Kona

Highlighted

Hi Kunal,

To be able to view all courses does not mean that a user has to be a global admin, just that they are setup at the top sub-account with an account role‌ that gives them view access to all courses. The one that they must have to be able to view the courses is the Course - view list. Without that permission being enabled they will not be able to view or search for courses.  You can go through the rest of the view permissions and decide what you'd like to grant them access to view and not. 

284316_pastedImage_2.png