Benchmark Comparison

RBAC platform benchmarking

Five platforms were selected for analysis to identify common practices and industry standards in role-based access control (RBAC). The goal is to establish a benchmark that Open edX can aim for in developing a robust and flexible RBAC system tailored to its unique needs.

The platforms analyzed are:

This analysis focuses on extracting key features, comparing functionalities, and providing actionable recommendations for enhancing Open edX's RBAC capabilities.

Role Hierarchy:
- Shared features: All platforms employ a hierarchical structure to manage roles and permissions. This structure ensures scalability and supports organizational needs by applying roles across different levels.
- Notable Feature:
  - Moodle's context-based hierarchy aligns permissions with specific system levels (e.g. courses, modules).
  - Canvas and Blackboard implement multi-level hierarchies with clear segmentation (e.g. account > sub-account > course).
Default Roles:
- Shared features: All platforms provide predefined roles to cover essential use cases out of the box (e.g. Admin, Instructor, Student).
- Notable Features:
  - Blackboard's Grader and Canvas's Observer roles illustrate roles tailored for specific tasks or non-participatory involvement.
Custom Roles:
- Shared Feature: All platforms allow for the creation or customization of roles, either by duplicating existing roles or building new ones from scratch.
- Notable Feature:
  - Moodle and Blackboard enable administrators to create roles tailored to specific capabilities or workflows.
  - Canvas allows highly granular modifications, ensuring that custom roles meet precise requirements.
Granularity:
- Shared features: All platforms provide varying levels of granularity, Canvas and Blackboard stand out for offering extremely detailed permissions but all of them provide a high level of granularity allowing the administrator to tailor the permission for each role.
- Notable Feature:
  - Canvas's ability to control permissions at a feature-specific level (e.g., separate permissions for creating, moderating, and viewing discussions).
  - Blackboard's 1,100+ privileges enable robust control but may overwhelm users without streamlined management tools.
Overrides:
- Shared features: Override capabilities are present in all systems, allowing role-specific or context-specific adjustments.
- Notable Feature:
  - Moodle's four override states (Inherit, Allow, Prevent, Prohibit) simplify adjustments but limit granularity.
  - Canvas and Blackboard allow granular overrides at all levels
Permission Inheritance:
- Shared features: All platforms rely on inheritance to reduce redundancy and simplify management.
- Notable Feature:
  - Moodle’s context-sensitive inheritance supports scalability, while Canvas and Blackboard provide overrides to refine inherited permissions.

Feature/Platform	Moodle	D2L Brightspace	Canvas	Blackboard	Toast
Role Hierarchy	System Front Page Course Category Course Module Block User	Organization Faculty/Department Courses	Account Sub-Account Course	System Institution Course	Group Restaurant User
Default Roles	Manager Course Creator Teacher (Editing) Teacher (Non-editing) Student Guest Authenticated User Authenticated User on Frontpage	Admin Instructor Guest Student	Account Admin Teacher TA Designer Student Observer	System Admin Instructor Grader Student Guest	Admin Manager Cashier Server Delivery Driver
Role Customization	Copy and edit roles	Copy and edit roles	Copy and edit roles	Copy and edit roles	Copy and edit roles
Granularity and Overrides Flexibility	Highly granular Allows overrides per context	Highly granular Allows overrides per context	Extremely granular Allows overrides per context Fine-tuned permission control	Extremely granular Allows overrides per context 1,100+ specific privileges	Highly granular Overrides at user level
Permission Inheritance	Yes	Yes	Yes	Yes	Yes