Community Help

chris_zimmer · ‎02-09-2024

I am a noob to the new quizzes feature and how it does item banks. With that out of the way...

When I open the Item Banks link to build a new bank or look at existing banks, and I select "All Banks" I see ALL the banks from across my entire university. Hundreds of banks that are not mine that I did not create, and have nothing to do with my content area.

Worse yet, I can share, copy, edit, and delete any one of these banks.

This is a HUGE security risk and surely this isn't the way Instructure intends for item banks to work. I'm not finding much about it. This is a new thing to my local Canvas admins as well. This renders the new quizzes completely useless to me. All it takes is one unethical individual and thousands of banks are compromised. I'm not going to waste any more time building banks knowing that anyone can delete, edit, or share them.

I'm an IS professor and teach basic computer security, and this just can't be real. This is just mind boggling.

chriscas · ‎02-09-2024

Hi @chris_zimmer,

I'm a Canvas admin for my institution, and I can confirm this is a permission that your school/institution admins can adjust. We actually had this on (unknowingly) for years until one of our faculty members recently let me know they could access all of the banks. I worked with Instructure support on this, and they pointed out that we had the "Item Banks - manage account" permission enabled for our teachers. I disabled that and if fixed the issue. We've had New Quizzes (formerly Quizzes2) available for years, so I'm not sure is that permission got set that way initially or not, but your Canvas admins can definitely switch it off unless they have a good reason to leave it enabled.

Hope this helps!

-Chris

View solution in original post

Jen_Charles · ‎02-09-2024

I'm not 100% sure on this, and hopefully someone can back me up, but I think this visibility is something set at the institution level by your Canvas admin. I am the technology integrator at our high school and know that many of our teachers are using item banks in new quizzes regularly (myself included). When I go into Item Banks and click on Institution Banks, I see nothing. When I click on All Banks I still ONLY see my own banks or banks that someone specifically and directly shared with me. I am not our top Canvas admin, so I don't have access to check this, but if we can't see each other bank's here, it seems it could be a local control thing.

Could anyone with full Canvas admin access at their institution check into this and verify if this is correct? Thank you!

chris_zimmer · ‎02-09-2024

For as little as I've seen about this, I was hoping it would be something at the institution level that our admins here could fix. I know I can't only be the second person to see this (I did find a post about this from 2021, but it got zero traction). I've gone far enough down the new quiz learning curve, that it is growing on me and it is a better tool than classic quizzes. It did take about 20 hours of frustration, cussing, message boards, and YouTube vids to get to that begrudging admiration for new quizzes though.

mzimmerman · ‎02-09-2024

I am a Canvas admin at my school. With my administrator account, I do have access to all the item banks. However, when logged in with a non-admin account, I only have access to my own item banks, or those specifically shared with that account or with that course.

@chris_zimmer , have you contacted the Canvas admins at your school to investigate, and see whether the item banks that you are seeing are specifically being shared or set to be available to all instructors under a particular sub-account, or if there is some other reason that you have access to them?

chris_zimmer · ‎02-09-2024

I did bring it my admins' attention and they are looking into it.

I can see 48 pages of item banks. I made a dummy bank and had a friend delete it. A friend who has nothing to do with my course. No role whatsoever--no guest, TA, instructor, no nothing. Needless to say I was a little freaked out. I'm glad all the responses thus far have been of the "your local admins should be able to fix this" variety.

chriscas · ‎02-09-2024

Hi @chris_zimmer,

I'm a Canvas admin for my institution, and I can confirm this is a permission that your school/institution admins can adjust. We actually had this on (unknowingly) for years until one of our faculty members recently let me know they could access all of the banks. I worked with Instructure support on this, and they pointed out that we had the "Item Banks - manage account" permission enabled for our teachers. I disabled that and if fixed the issue. We've had New Quizzes (formerly Quizzes2) available for years, so I'm not sure is that permission got set that way initially or not, but your Canvas admins can definitely switch it off unless they have a good reason to leave it enabled.

Hope this helps!

-Chris

chris_zimmer · ‎02-09-2024

Thank you for responding to me. I've shared your response with my local admins as well. I know they'd reached out to Instructure as well, so hopefully they can get this fixed up. I will trust that this can/will be fixed and keep building banks for new quizzes.

Item bank for new quizzes is a huge security risk

Why does the calendar indicate how many students w...

Survey from external source, duplicate with same l...

Calendar - timeslots

Student Access Problem

Assignment grade breakdown

Why does the calendar indicate how many students w...

MathJax and ASCII Math

quiz issues

How to Access Both SIS IDs from a Merged User Acco...

SSO Authentication in Mobile App

You're signed out

Item bank for new quizzes is a huge security risk

Community Help

View our top guides and resources: