Administrator

Roles & Permissions

Follow
Ryan Richins
  • Agilix team member
  • Updated:
    info_outline
    Created:

Customize roles and permissions to suit your needs

How do roles and permissions relate?

Roles in Buzz represent a predetermined set of permissions. You are required to assign users a role when enrolling them in a course, giving them that role's permissions within the scope of that enrollment. All roles are automatically inherited by subdomains.

There are four standard roles in Buzz. The permissions for these roles are defined at the domain root and cannot be edited. If you want to give a user a set of permissions that is different from those given to the predefined roles, you can:

  • Grant individual users specific permissions.
  • Create custom roles with custom permission sets (see Additional articles below).

Buzz's four predefined roles are:

  • Administrator: This is a domain role that gives a user all available permissions within all levels (Domains, Users, Courses, Enrollments, and Objectives).
  • Owner: This is a course role that gives a user complete control over the course. Course-level permissions include: Read, Owner, Read Full, Edit, Delete, View Gradebook, Setup Gradebook, Grade Assessments, Grade Assignments, Grade Discussions, and Submit Final Grades.
  • Teacher: This is a course role with the same permissions as the Owner, except they cannot delete the course or enroll users. Course-level permissions include: Read, Read Full, Edit, View Gradebook, Setup Gradebook, Grade Assessments, Grade Assignments, Grade Discussions, and Submit Final Grades.
  • Student: This is a course role with Read and Participate permissions, basically, allowing the user to take the course.

Granting domain and course permissions

You can assign roles and permissions in various places within Buzz:

  • When you grant them from the Permissions screen in the Domain tool, they are attached to the user and apply throughout the domain, regardless of the user's specific enrollments.
  • When you grant them from the Enrollments screens of either the Users or Courses tool, they apply only to that enrollment in the specified course.

Buzz permissions

The available permissions in Buzz fall under five different categories. These categories represent the component for which the permission grants privilege. They are: Domains, Users, Courses, Enrollments, and Objectives. The following tables describe the available permissions within each category.

Creating custom roles requires granting a combination of these permissions; you can edit these permissions sets after creation, but be aware that doing so changes permissions for all users assigned that role.

Domain permissions

In order for a user to employ domain role permissions, they must be granted from the Permissions screen in the Domain tool.

Domain Permission Role Type Allows users to ...
Owner Domain Grant, revoke, modify domain permissions for a user.
Create Domain Create domains and subdomains.
Read Domain Access the Admin app (this is the only permission that grants this access). Access (read) domain and subdomain information including subscriptions, roles, and settings.
Edit Domain Make changes to domains and subdomains, including subscriptions, roles, and settings
Delete Domain Delete domains and subdomains (including the domain they exist in).
Post Announcements Domain Post announcements to the domain.
Report Domain Run reports using domain data.

Users permissions

In order for a user to employ domain role permissions, they must be granted from the Permissions screen in the Domain tool.

Users Permission Role Type Allows users to ...
Owner Domain Assign rights and subscriptions to domain users.
Create Domain Create domain users, but cannot manage permissions.
Read Domain Access the domain user information.
Edit Domain Make changes to domain user information (first name, last name) and change password. Cannot edit permissions or username.
Delete Domain Delete domain users.
Proxy Domain Sign in and make changes as another domain user.
Report Domain Run reports using domain user data.

Courses permissions

In order for a user to employ domain role permissions, they must be granted from the Permissions screen in the Domain tool.

Courses Permission Role Type Allows users to ... Grants other permissions?
Read Course and Domain Access (read) specified courses in the domain. No
Participate Course Complete activities in specified courses; this permission is only available for student users. Yes: Read Course is granted for Course roles.
Owner Course and Domain Grant rights to specified courses. Yes: Read Course and Read Full Course are granted for Course roles.
Create Domain Create courses in the domain. Yes: Read Course and Read Full Course are granted for Course roles.
Read Full Course and Domain Access (read) all course content data in the domain, including assessment questions and hidden-from-student content, regardless of their other enrollment rights in the course. No
Edit Course and Domain Make changes to specified courses. Yes: Read Course and Read Full Course are granted for Course roles.
Delete Course and Domain Delete specified courses. Yes: Read Course and Read Full Course are granted for Course roles.
Report Course and Domain Run reports using specified course data. No
View Gradebook Course and Domain Access specified course Gradebooks. Yes: Read Course and Read Full Course are granted for Course roles.
Setup Gradebook Course and Domain Setup specified course Gradebooks and make changes to their settings (grading schemes, grade scales, item weight, etc.) in Activity Data and Course Data. Yes: Read Course and Read Full Course are granted for Course roles.
Grade Assessments Course and Domain Grade assessments in specified courses. Yes: Read Course, Read Full Course, and View Gradebook are granted for Course roles.
Grade Assignments Course and Domain Grade assignments in specified courses. Yes: Read Course, Read Full Course, and View Gradebook are granted for Course roles.
Grade Discussions Course and Domain Grade discussion activities in specified courses. Yes: Read Course, Read Full Course, and View Gradebook are granted for Course roles.
Submit Final Grades Course and Domain Submit final grades for specified courses and their grading periods. No

Enrollments permissions

In order for a user to employ domain role permissions, they must be granted from the Permissions screen in the Domain tool.

Enrollments Permission Role Type Allows users to ...
Owner Domain Grant and revoke specified enrollment rights.
Read Domain Access data, including grades, that is associated with the specified enrollments.

Objectives permissions

In order for a user to employ domain role permissions, they must be granted from the Permissions screen in the Domain tool.

Objectives Permission Role Type Allows users to ...
Read Domain Access objectives and objective maps from specified objective sets.
Edit Domain Make changes (add, update, or delete) to objectives and objective maps from specified objective sets.

Comments (15)

Sort by
Matthew Marichiba

Can you please give a high-level description of the relationship between Roles and Permissions? Why do roles apply to some things and permissions apply to others? When both options are available (Domain Options > Menu Entries - Custom, in particular), how do they interact? The existing docs note that these concepts intersect, but I cannot make heads or tales of why and to what end. It's not for lack of trying to understand! Thanks!

0 Comment actions Permalink
Ryan Richins
  • Agilix team member

Hi Matthew,

I've updated this article's introduction to (hopefully) better describe this relationship. Please don't hesitate to follow up on anything that is still unclear.

With relationship to the specific selection you mentioned (Settings > Domain Options > Menu Entries - Custom), there is some confusing overlap with the use of the term "Role":

  • In this specific instance, the Role field is asking you to identify which Buzz app you want the menu item to appear in (Admin, Teacher, Student, or Parent/Observer), and doesn’t indicate any inherent permissions. So, if you entered "Teacher" there, that menu item would only appear for users who choose “Teacher” when signing into Buzz.
  • The Rights field is asking for the specific permissions necessary to see the menu item, once the user is signed in.

This is, admittedly, confusing and we will look into ways to clarify either in the product, our documentation, or both.

Thanks and let us know if you need anything more.

0 Comment actions Permalink
Shane Foglesong

Is there a way to set the permissions so an observer of a student can view any part of the course without restrictions? This applies to elementary student parents who want to prepare for future lessons. Currently they cannot see past what their student has completed. Can we keep the restrictions for students, but allow observers to not be effected by them?

0 Comment actions Permalink
Jennifer Parzych

I have a question about Roles and Permissions. I have noticed this week that when I give the teacher the role of Owner they do not have the right to "Create" under "Manage Courses" and they do not have the right to "invite Students" to a course. I am not sure why this is. Please advise. 

0 Comment actions Permalink
Brad Marshall
  • Agilix team member

Shane, as of right now, observers have the same viewing rights as the student they observe. Observers cannot see anything that the student cannot.

Jennifer, in addition to the permissions they need in the course to add users, the teacher must also have domain permissions to find the users. So, they must have the "Users: Read" permission on the domain to add existing users to the course. Similarly, if they need to be able to have the rights to create and add new users to their course, they must also have "Users: Create". 

0 Comment actions Permalink
Cora Scherer

We are working on integration with Buzz and was wondering what permission should we set for the integration user to update the external ID of the enrollment?  I don't see a edit permission on enrollments.  We will be querying the list of enrollments with course and user so its read permission on both courses and users but can't find documentation on what's required to give the integration user ability to edit the enrollment field.  

0 Comment actions Permalink
Brad Marshall
  • Agilix team member

Hey Cora!

To edit enrollments (grant, modify, delete), you need the "owner" (or control) permission on the course. Similarly, the user will need permissions to see all users (read users).

Does this help?

1 Comment actions Permalink
Jennifer Buelin-Biesecker

Hello,

We are using single sign on to manage our teacher and administrator user creation so that integration with our database functions as it should. However, students are not part of that database (that's intentional) and are therefore not accessing buzz via SSO. We want our teachers to be able to upload rosters, but NOT to "invite" students -- this creates trouble. They simply share the URL for their landing page and students can log in successfully.

The problem is that some teachers are not following our click-by-click tutorial (including screenshots!). Some are attempting to invite students to the course instead. 

Is it possible for me to keep their ability to upload rosters (so creating students, but nobody else), but disable the invitation feature? 

Thanks!

Jenny

0 Comment actions Permalink
Varshini G

What is the difference between an Course Owner permission on Domain level vs Course Edit permission on Domain level? What are the commands available for a course owner that are not available for a person with a course edit permission on the courses?

0 Comment actions Permalink
Brian Williams
  • Agilix team member

Hello Varshini!

Owner: Course and Domain Grant rights to specified courses.

Read Course and Read Full Course are granted to the role.

This allows a user to read courses within the domain and the user can read all course content data, including assessment questions and hidden-from-student content, regardless of their other enrollment rights on the course. It does not grant Edit permission within role. 

When Owner permission is added, Buzz auto adds  Read Course and Read Full Course. The course “owner” bit: user is the course owner and can grant rights for it (such as inviting students to the course). 

 Edit : Course and Domain Make changes to specified courses.

Yes: Read Course and Read Full Course are granted for Course roles.

When edit is added as a permissions Buzz, auto adds Read Course and Read Full. The Edit permission allows the user to be able to edit the course such as use the course editor. 

0 Comment actions Permalink
Shaun Creighton

I'm playing around with roles/permissions and trying to figure out specifically how to do something like this:

Sami Student is enrolled in ABC High School, and her Buzz account is set up in a domain/userspace specific to that school (abc).

This students takes most of their courses at ABC High School ... the courses (and subsequent enrollments) are also contained in the domain/userspace for ABC High School (abc).

The student does take a single class at XYZ Online Academy ... that course (and enrollment) is contained in a different domain/userspace (xyz).

Chris Counselor works at ABC High School and his account is set up in that userspace (abc). He needs to check in on his assigned students' progress to make sure they're on track for graduation, so he needs read-only and reporting access to Sami's progress not just for her courses at ABC High School, but the courses she's taking at XYZ Online Academy, as well (and needs similar access for hundreds of other students whose main school is ABC High School).

Dawn Director is in charge of XYZ Online Academy and her account is set up in that userspace (xyz). She wants to make sure students enrolled in XYZ courses are making good progress, and wants to get data on overall course completion at XYZ, so she needs read-only and reporting access for all XYZ courses no matter which "main" school the students attend, and she does not need (or want) access to progress on courses these students are taking at their home school (like ABC High School).

What permissions would Chris and Dawn to have in these scenarios? I am comfortable setting up custom roles and assigning permissions, but not sure which ones to do (and specifically, if they would need to be over courses, users, domains, or some combination thereof).

0 Comment actions Permalink
Brad Marshall
  • Agilix team member

@Shaun:

Chris Counselor could go a few ways. If you made Chris an observer to each of his students, then he could follow each of their progress regardless of where their courses are housed. However, if Chris oversees hundreds, this could become difficult to manage if you are not using a CSV or the API. If you do not want to use the observer method, then you could grant him read user, course, gradebook, and domain rights on the main domain and then read course, gradebook, and domain rights on the online academy domain. However, this would grant Chris rights to all users in the main domain.

As far as Dawn, she should only need read course, gradebook, and domain rights on the online academy domain to see data related to those courses.

0 Comment actions Permalink
Shaun Creighton

Thank you (as always) for your thorough and clear responses, Brad. Of course I have another question for you ...

Similarly to my last question, we need to give someone access to monitor student progress and update enrollments for students and courses only in one domain, which seemed pretty straightforward. We gave him the domain permissions you see below (including Read and Owner permissions on enrollments), and when I proxy in as this user I can see courses, students, gradebooks, etc. ... but I am unable to change anything about the enrollment. Specifically, we need this person to be able to mark enrollments as completed, so not being able to do this is problematic. Is there some permission I'm not thinking of? This course and all of the students enrolled in it are all within the domain that we have granted him permissions in.

0 Comment actions Permalink
Brad Marshall
  • Agilix team member

Shaun, to modify an enrollment's status (or other associated enrollment settings) within a course, you must have the Courses > Owner permission.

0 Comment actions Permalink
Shaun Creighton

Still trying to get this right. Going back to my "Dawn Director" example from May ... Dawn actually needs to be able to look up individual student progress for students taking courses from the online academy, even if those students have accounts that are housed in a different domain. So at our root domain, I gave Dawn these permissions:

 

And on the domain where the courses (and enrollments live) I gave Dawn these permissions:

 

Dawn doesn't have course or enrollment permissions at the root domain ... these are only assigned at the specific domain for the online academy. And yet when I proxy in as Dawn, I can search for users across all domains (which makes sense given the root domain permissions) and see full performance/grade information for courses that are not in the online academy domain. This is even true for students who aren't taking any courses in the online academy domain. It seems like this would require more permissions at the root level than Dawn actually has, but I have verified that Dawn only has the domain permissions I've listed above.

0 Comment actions Permalink
Please sign in to leave a comment.