Currently, New Quizzes lazily uses a limited set of roles, presumably based on the high-level LTI Admin/Instructor/Student/Observer roles, or something along those lines. This means that someone a TA-based role that has minimal permissions and can't edit or grade anything in Canvas itself has full access to edit, moderate and view reports in New Quizzes. Similarly, we have an account-level role that is essentially read-only, for people who need to view everything within a subaccount, but not manage or edit anything. Such people also get full access in New Quizzes. It is not appropriate that such roles should be able to access this student data. This issue is acknowledged in the New Quizzes FAQs, and apparently Instructure are "currently planning the work to carry over Canvas Permissions into New Quizzes", See: https://community.canvaslms.com/t5/New-Quizzes-Resources/FAQ-New-Quizzes/ta-p/243540#toc-hId-9631399... However, this issue does not appear to be on the New Quizzes roadmap (https://community.canvaslms.com/t5/New-Quizzes-Hub/ct-p/new_quizzes_hub), even though I would consider it be considerably more important than many of the things that are.

New Quizzes should follow the permissions that are set for roles in Canvas, so that users with otherwise limited, read-only Canvas permissions are not able to edit, moderate and view reports in New Quizzes.

admin,instructor,ta,designer