Shouldn't root admins be the only ones who can manage shared resources at the root account, with the exception with the one shared the resource?
In our sub-account structure, we have sub-account admins so they can manage courses and users at their school level. Because they have admin permissions, even though it is at the sub-account level, these users have full access to manage ALL of the Commons content in the (1) root level (our district) and (2) their sub-account level. That does not make sense to me.
- Root Account (1) - root admin is Tod.
- Sub-account (1A) - admin is Bill
- Sub-account (1B) - admin is Sue
- Sub-account (1C) - admin is Fred
- Good - A random teacher posts an item to commons at school 1A. Only Bill, Tod, and the random teacher can manage that resource (edit or delete).
- Bad - A random teacher posts an item to commons at school 1 (root account). Tod, Bill, Sue, and Fred all have access to manage that resource (edit or delete).