/
Canvas

Canvas

Role hierarchy

Canvas employs a hierarchical structure for managing roles and permissions, designed to mirror an organizational structure. This hierarchy consists of three main levels:

 

  • Account Level: Account-level permissions are inherited down to lower levels.

  • Sub-Account Level: Sub-accounts allow organizations to divide their Canvas account into smaller units, often aligning with departments, schools, or programs. Each sub-account has its own permissions page, allowing sub-account administrators to manage permissions within their sub-account.

  • Course Level: This level focuses on individual courses. The platform has 5 default roles: Student, Teacher, TA, Designer, and Observer. They are designed to cover the needs of managing and participating in courses. 

  • Section Level: They are cohorts of a course, where the same roles as in the course hierarchy exist, but are limited to the cohort.

Default Roles 

Account Level:

  • Account Admin: The Account Admin has broad permissions to manage settings and features for the entire Canvas account, including managing users, courses, sub-accounts, and system-wide configurations.

Course Level:

  • Student: The Student role is focused on participating in courses, accessing course materials, submitting assignments, and engaging in course activities.

  • Teacher: The Teacher role is responsible for managing all aspects of a course. The Teacher role permissions allow users to create and manage content, create and grade assignments, moderate discussions, and communicate with students.

  • TA (Teaching Assistant): The TA role assists the Teacher in managing the course. TAs have permissions related to grading, moderating discussions, and providing student support.

  • Designer: They have permission to edit course content, create pages, and manage course settings. The Designer role focuses on the organization and presentation of course materials, but can’t edit or view grades.

  • Observer: The Observer role is designed for individuals who need to observe a course without actively participating. Observers may be reviewers, partners, or other individuals who need to have access to the course content.

 

Teachers can grant all roles to a user between a course. TA and Designers can also grant other roles, but they are limited to a specific set of roles.

Permissions administration 

Canvas's permission system is highly granular, enabling administrators to control user actions. Canvas separates different actions within a feature into distinct permissions. For example, within the "Discussions" feature, there are separate permissions for creating, moderating, posting, and viewing discussions.

Canvas provides an interface for managing permissions. Administrators can enable or disable specific permissions for different roles.

Key aspects of permission management in Canvas include:

  • Locking Permissions: Administrators can lock permissions to prevent lower-level administrators from making changes, ensuring consistency and control over critical permissions.

  • Grouped Permissions: Some permissions are grouped to provide administrators with the option to manage them as a group or individually. For example, the "Manage Courses - conclude/delete/publish/reset" permission allows administrators to control various aspects of course management collectively or granularly.

  • Permission Inheritance: Permissions in Canvas follow a principle of inheritance, flowing down the hierarchy from the account level to the sub-account level and finally to the course level unless it is specifically overridden at a lower level.

  • Overrides: Administrators can override inherited permissions at lower levels to tailor access control to specific sub-account or course requirements. For example, a sub-account administrator might grant additional permissions to a role within their sub-account that differs from the account-level settings.

Role Customization: 

 

While the default roles in Canvas cover many common scenarios, organizations often need to adapt the platform to their specific workflows and requirements. Canvas allows administrators to create custom roles, that allow user access and capabilities beyond the predefined options.

Administrators can create a new user role by selecting a base role and then modifying the permissions granted to that role.

This applies to all the hierarchies of roles.

 

 

Source material:

Accounts and subaccount hierarchy:
https://community.canvaslms.com/t5/Admin-Guide/What-is-the-hierarchical-structure-for-Canvas-accounts/ta-p/153

Permissions of an administrator: https://community.canvaslms.com/t5/Canvas-Resource-Documents/Canvas-Account-Role-Permissions/ta-p/387078

 

Default course permissions:
https://community.canvaslms.com/t5/Canvas-Resource-Documents/Canvas-Course-Role-Permissions-Comparison/ta-p/511022

Creating roles: https://community.canvaslms.com/t5/Admin-Guide/How-do-I-add-a-new-user-role-in-Canvas/ta-p/99