[ARCHIVED] The "Account-level settings - manage" permission is to coarse grained
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We have been conducting security reviews of user roles in Canvas and want to redesign the roles to allow the minimum access necessary for individuals to still be able to complete their work.
We have repeatedly struck an issue with the "Account-level settings - manage" permission, where many roles need access to the subaccounts. Some needing read only access and others manage access. But this role also enables some of the most critical features in Canvas: Authentication, Theme Editor, Account Settings and Terms.
In order to give sub-account access and withhold access to the other features we are proposing a Javascript Theme filter that hides and inactivates the more powerful screen controls. This can still be bypassed and must be maintained over time to avoid accidental exposure.
We need a more reliable solution such as Canvas implementing more granular permissions to break them down for safer delegation. At a minimum, we would like sub-account access to be removed from this role. Does Canvas have any plans to do this?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This is not currently possible in Canvas, but you could create a new Idea Conversation for this functionality in this community.
- How do idea conversations work in the Canvas Community?
- How do I create a new idea conversation in the Canvas Community?
A quick search of Idea Conversations did produce this gem: More granular permissions for admins
You can rate it, add your own use-case scenarios, or even create your own new idea.
Good luck,
Kelley
This discussion post is outdated and has been archived. Please use the Community question forums and official documentation for the most current and accurate information.