Honestly, I am surprised I could not find this idea. Many LTIs involve financial contracts. While most of ours are broad-stroked (cost is not limited by individual activity or user), there are still plenty that are (i.e., textbook distribution). If, like our institution, these things are handled by the school (not the student) then it can be an issue for faculty to be able to add content that is not actually approved for a course. Going with the textbook scenario, we have a contract that allows faculty complimentary access to books that we have not already "purchased". This arrangement allows for the review of new books before committing to their adoption. However, this also means that an uppity instructor could have already checked out the latest edition of a book that just released last month and swap out the LTI link for the previous edition, but that new one has not been approved/purchased. An alternative problem is when transitioning from one LTI to another (i.e., change of product). It would not be unusual to have both products simultaneously loaded to your Canvas instance while you make the transition (redeveloping a course to use a different tool can be a major undertaking, never mind the scale of it being used across multiple courses). However, if the decision has been made to switch then it is likely unwanted to be able to continue to add the old LTI to new courses.

We do not want to remove the ability for faculty to add their own external tools or to use them if they were preloaded to a course, but being able to designate whether or not an external tool loaded at the account-level can be added to a course by non-admins would be a major improvement in preventing such issues. This could be as simple as a toggle on the external tool edit UI/XML option/API/etc. Ideally, this would have a secondary permission option at the role-level to prevent just anyone with an account-level role from having the ability to add them (i.e., "Can load restricted external tools"), but just having the option on the external tool itself is a huge step in the right direction. I think the most difficult part of implementation would be all the UI changes that are conditional on the permissions. As I said, we would not want to remove the ability to use the already loaded links, but faculty should not be able to change them, either.

admin,instructor,designer