Feature Wiki

Information about planned and released features

Schede

Initial Permissions Guideline

1 Guideline

Newly introduced object types can only used by users if permissions were given to their roles. Therefore we need to define which general permissions are given to the default roles and role templates through the database update script.

1.1 Global Roles

Role

Given Permissions

Comment

User

  • visible and read

The user role in ILIAS should give read access to all object types in general - except for those objects that are mainly used for authoring [1]. Visible and read will allow users to see and access these objects if they have been created.

Guest

  • visible and read for root node and categories
  • visible for courses and groups (but no join)
  • read for item groups
  • none for other object types

The guest role in ILIAS is a role with reduced permissions compared to the user role. Guest should have the possibility to navigate in ILIAS. But access to content in ILIAS has to be given intentionally by a tutor or administrator.

Anonymous

  • visible and read for root node
  • visible for categories

Permissions for Anonymous are always given intentionally and manually. Only the top level of the repository should be accessible and the categories of level 1 visible by default.

Administrator

  • all permissions

System administrators have always all permissions for all objects.

1.2 Role Templates

Role Template

Given Permissions

Comment

Course Administrator

  • all permissions

The course admin should have all permissions within a course by default, incl. all create and edit permissions.

Course Tutor

  • visible, read and edit settings
  • create for basic objects
  • all permissions except of edit permissions

The course tutor should have edit permissions for the course and its content to assist the course administrator. Additionally, create permissions should be given for folders, groups, sessions, files, forums, weblinks and wikis.

Course Member

  • visible and read

The permissions given to a course member by default are similar to the user's permission. Visible and read for all content objects should be given, except for object types that are made mainly for authoring.

Group Administrator

  • all permissions

The group admin should have all permissions within a group by default, incl. all create and edit permissions.

Group Member

  • visible and read

The permissions given to a group member by default are similar to the user's permission. Visible and read for all content objects should be given, except for object types that are made mainly for authoring.

Author

  • all permissions related to content objects

The author has full permissions on content objects: learning modules (all types), files, glossaries, media pools

Local Administrator

  • all permissions

The local administrator role template should have all permissions by default.

The role template "Co-Author" should be removed for new installations.

1.3 Existing roles

2 Status

  • Effective from release: Release 4.4
  • Approved by Jour Fixe at: JourFixe-2012-11-26
  • Implementation status: { implemented completely | partly implemented | needs implementation }
  • Funding for streamlining existing features: { name of organisation }
  • Implementation of guideline: { all developers | name of responsible developer }

3 Discussion

Matthias Kunkel, 25 Nov 2012: I made a first suggestion for this guideline to be responsive to Mantis 10220.

JF 26 Nov 2012: We schedule this guideline for 4.4.

4 Implementation

...


[1] E.g. question pool test, question pool survey, media pool

Ultima modifica: 14. Lug 2015, 15:39, Kunkel, Matthias [mkunkel]