CC Support ticket - ref:!00DA00Ibsk.!500TU08ivHJ In CC portal, we have defined the administrators (eg User A and B) for the issuers. After the Canvas integration with CC, we realized that the sub account admins (default or custom admin roles) which include User A and B in the Canvas sub account will supersede the role in Credentials. If the person is a Canvas sub account admin then they will be able to alter the LTI in all courses in that account even if they are not User A and B. This increases the risk of user error and makes accountability difficult/ near impossible. Unauthorize canvas sub account admins (not User A and B) are able to make changes to the Credentials set up via the Canvas integration.

The canvas integration should ensure that the canvas sub account admins have the necessary permissions in Credentials as well.

admin