Feature Wiki

Information about planned and released features

Tabs

Initial Permissions Guideline

Page Overview

1 Guideline
- 1.1 Global Roles
- 1.2 Role Templates
- 1.3 Existing roles
2 Status
3 Discussion
4 Implementation

1 Guideline

Newly introduced object types can only used by users if permissions were given to their roles. Therefore we need to define which general permissions are given to the default roles and role templates through the database update script.

1.1 Global Roles

Role	Given Permissions	Comment
User	visible and read	The user role in ILIAS should give read access to all object types in general - except for those objects that are mainly used for authoring [1]. Visible and read will allow users to see and access these objects if they have been created.
Guest	visible and read for root node and categories visible for courses and groups (but no join) read for item groups none for other object types	The guest role in ILIAS is a role with reduced permissions compared to the user role. Guest should have the possibility to navigate in ILIAS. But access to content in ILIAS has to be given intentionally by a tutor or administrator.
Anonymous	visible and read for root node visible for categories	Permissions for Anonymous are always given intentionally and manually. Only the top level of the repository should be accessible and the categories of level 1 visible by default.
Administrator	all permissions	System administrators have always all permissions for all objects.

1.2 Role Templates

Role Template	Given Permissions	Comment
Course Administrator	all permissions	The course admin should have all permissions within a course by default, incl. all create and edit permissions.
Course Tutor	visible, read and edit settings create for basic objects all permissions except of edit permissions	The course tutor should have edit permissions for the course and its content to assist the course administrator. Additionally, create permissions should be given for folders, groups, sessions, files, forums, weblinks and wikis.
Course Member	visible and read	The permissions given to a course member by default are similar to the user's permission. Visible and read for all content objects should be given, except for object types that are made mainly for authoring.
Group Administrator	all permissions	The group admin should have all permissions within a group by default, incl. all create and edit permissions.
Group Member	visible and read	The permissions given to a group member by default are similar to the user's permission. Visible and read for all content objects should be given, except for object types that are made mainly for authoring.
Author	all permissions related to content objects	The author has full permissions on content objects: learning modules (all types), files, glossaries, media pools
Local Administrator	all permissions	The local administrator role template should have all permissions by default.

The role template "Co-Author" should be removed for new installations.

1.3 Existing roles

2 Status

Effective from release: Release 4.4
Approved by Jour Fixe at: JourFixe-2012-11-26
Implementation status: { implemented completely | partly implemented | needs implementation }
Funding for streamlining existing features: { name of organisation }
Implementation of guideline: { all developers | name of responsible developer }

3 Discussion

Matthias Kunkel, 25 Nov 2012: I made a first suggestion for this guideline to be responsive to Mantis 10220.

JF 26 Nov 2012: We schedule this guideline for 4.4.

4 Implementation

...

[1] E.g. question pool test, question pool survey, media pool

Last edited: 14. Jul 2015, 15:39, Kunkel, Matthias [mkunkel]