Tool | Permission Description | Permission (as it exists in the realms) | Considerations |
Home | View the Site | site.visit | |
Home | View the Site (unpublished) | site.visit.unp | This permission cannot be changed by the instructor - you can only change it in the realm. So, for example, if a teaching assistant needs access to an unpublished site, then an admin would have to grant the TA this permission if your instance isn't configured to allow TAs to view unpublished sites. |
Aliases | Create new aliases in the Aliases tool in the Admin Workspace | alias.add | Unsure whether this permission still does anything. |
Aliases | Delete Aliases in the Aliases tool in the Admin Workspace | alias.del | Unsure whether this permission still does anything |
Aliases | Make Changes to Aliases in the Aliases tool in the Admin Workspace | alias.upd | Unsure whether this permission still does anything |
Announcements | Create OR view announcements for all groups | annc.all.groups | So, if you have this permission AND the annc.new permission, that means you'll have permission to create announcements for all groups and sections that exist in your site, even if you are not a member of those groups or sections. If you have this permission AND the annc.read permission, that means you'll be able to VIEW announcements that were created for groups and sections other than those to which you belong. |
Announcements | Delete any announcement | annc.delete.any | |
Announcements | Delete announcements you own | annc.delete.own | |
Announcements | Create new announcements | annc.new | |
Announcements | Read announcements | annc.read | |
Announcements | Read draft announcements | annc.read.drafts | This will also allow a user to read draft announcements that someone else created |
Announcements | Revise any announcement | annc.revise.any | |
Announcements | Revise only announcements you own | annc.revise.own | |
Assignments | Create/View new Assignments for all groups | asn.all.groups | So, this permission behaves like the annc.all.groups permission. |
Assignments | Delete Assignments | asn.delete | |
Assignments | Create new Assignments | asn.new | |
Assignments | Grade Assignments | asn.grade | |
Assignments | Read Assignments | asn.read | |
Assignments | Can opt in to receive notifications when students submit assignments | asn.receive.notifications | When you create an assignment, you will see the notification options during creation. Anyone in your site who has this permission will be subjected to your notification choice when the students start submitting assignments. |
Assignments | Revise assignments | asn.revise | Does not work unless role also has asn.new permission |
Assignments | See draft assignments that other people created | asn.share.drafts | |
Assignments | Submit assignments and appear in the list of assignments to be graded | asn.submit | If an instructor is granted this permission, then the instructor will see his/her name (as well as the names of all other instructors) in the list of assignments to be graded. This is sometimes annoying to instructors, so you should consider this when you're making decisions about default permissions. |
Calendar/Schedule | Create/View new calendar entries for all groups | calendar.all.groups | Again, this works like the annc.all.groups permission. |
Calendar/Schedule | Delete any calendar entry | calendar.delete.any | |
Calendar/Schedule | Delete own calendar entry | calendar.delete.own | |
Calendar/Schedule | Import Calendar entries | calendar.import | |
Calendar/Schedule | Create new calendar entries | calendar.new | |
Calendar/Schedule | Read Calendar entries | calendar.read | |
Calendar/Schedule | Revise any calendar entry | calendar.revise.any | |
Calendar/Schedule | Subscribe to iCal | calendar.subscribe | Have noticed that the option to subscribe to iCal does not appear by default in a user's personal workspace unless the user grants themselves the permission. A way to solve this globally is to add the calendar.subscribe permission to the maintain user in the !site.user realm when you do your initial configuration. |
Calendar/Schedule | Revise own calendar entry | calendar.revise.own | |
Chat Room | Delete any chat entry | chat.delete.any | |
Chat Room | Create new chat channel | chat.new.channel | |
Chat Room | Delete new chat channel | chat.delete.channel | |
Chat Room | Revise a chat channel | chat.revise.channel | |
Chat Room | Delete only chat entries you own | chat.delete.own | Some schools think it's necessary to grant students this permission, and other schools won't allow students to delete any of their own chat posts (to preserve the record in accordance with local policy). You decide. |
Chat Room | Post new chat entries | chat.new | |
Chat Room | Read chat entries | chat.read | |
JForum | Administer JForum tool | jforum.admin | Do not give instructors this permission; it is a permission for admins only. |
JForum | Manage JForum discussions | jforum.manage | Not part of core Sakai |
JForum | Participate in discussions | jforum.member | Note part of core Sakai |
Drop Box | Dropbox created automatically when the user account is created | dropbox.own | |
Drop Box | Ability to see/manage all dropboxes in a site | dropbox.maintain | |
Email Archive | Delete any emails | mail.delete.any | |
Email Archive | Create/Send new email | mail.new | |
Email Archive | Read/Receive email | mail.read | |
OSP Evaluations | Evaluate | osp.matrix.evaluate | |
OSP Evaluations | View Owner | osp.matrix.viewOwner | |
Forums | See below this table for instructions on configuring Forums permissions | ||
Forms | Create | metaobj.create | |
Forms | Edit | metaobj.edit | |
Forms | Delete | metaobj.delete | |
Forms | Publish | metaobj.publish | |
Forms | Suggest Global Publish | metaobj.suggest.global.publish | |
Forms | Export | metaobj.export | |
Glossary | Create | osp.help.glossary.add | |
Glossary | Edit | osp.help.glossary.edit | |
Glossary | Delete | osp.help.glossary.delete | |
Glossary | Export | osp.help.glossary.export | |
Gradebook and Gradebook2 | Edit assignments in the Gradebook | gradebook.editAssignments | |
Gradebook and Gradebook2 | Grade anything in the Gradebook | gradebook.gradeAll | |
Gradebook and Gradebook2 | Grade section | gradebook.gradeSection | If you ever want a role to be able to grade something in the gradebook (ever), then they MUST at least have this permission (if not the gradeAll permission). Also note that the section.role.ta permission (for the sections tool) determines WHO appears in the "graders" list in the gradebook. So, gradebook (and gradebook2) borrow this section role permission. |
Gradebook and Gradebook2 | View your own grades | gradebook.viewOwnGrades | This permission is what identifies students in the gradebook. If you have something like a guest role or an auditor role, consider whether you want them to get grades like official students. If you want them to get grades like official students, then you can grant the guest or the auditor role this permission. Beware that the instructors cannot change this permission in their course sites, so decide wisely. The gradebook tool also borrows the section.role.student permission. See http://jira.sakaiproject.org/browse/SAK-14772 for more information. |
Melete | View, Author, Manage Modules and Content | melete.author | Not part of core Sakai |
Melete | View Modules and Content | melete.student | Not part of core Sakai |
MailSender | Administer the mailtool within your site | mailtool.admin | This is for MailSender, and not everyone uses Mailsender |
MailSender | Send mail from mailtool | mailtool.send | This is for MailSender, and not everyone uses Mailsender |
Matrices | Create | osp.matrix.scaffolding.create | |
Matrices | Review | osp.matrix.review | |
Matrices | Delete.any | osp.matrix.scaffolding.delete.any | |
Matrices | Delete.own | osp.matrix.scaffolding.delete.own | |
Matrices | Export.any | osp.matrix.scaffolding.export.any | |
Matrices | Export.own | osp.matrix.scaffolding.export.own | |
Matrices | Publish.any | osp.matrix.scaffolding.publish.any | |
Matrices | Publish.own | osp.matrix.scaffolding.publish.own | |
Matrices | Revise.any | osp.matrix.scaffolding.revise.any | |
Matrices | Revise.own | osp.matrix.scaffolding.revise.own | |
Matrices | Can view / access all matrix cells | osp.matrix.scaffoldingSpecific.accessAll | |
Matrices | Can view / access user list and cell owner | osp.matrix.scaffoldingSpecific.accessUserList | |
Matrices | Can manage matrix cell status | osp.matrix.scaffoldingSpecific.manageStatus | |
Matrices | Can use matrix | osp.matrix.scaffoldingSpecific.use | |
Matrices | Can view all groups | osp.matrix.scaffoldingSpecific.viewAllGroups | |
Matrices | Can view evaluations created by another user | osp.matrix.scaffoldingSpecific.viewEvalOther | |
Matrices | Can view feedback created by another user | osp.matrix.scaffoldingSpecific.viewFeedbackOther | |
Messages | manage whether others in the site can forward email messages | msg.emailout | This permission can be somewhat confusing. Here's what it actually means: If you grant someone this permission, that gives THEM the permission to decide whether they're going to allow other users in the site to have messages forwarded to their own email addresses. In short, you should not give students or guests this permission, because it allows them to change the configuration of your messages tool. |
Polls | Create a new poll | poll.add | |
Polls | Delete a poll | poll.deleteAny | |
Polls | Delete a poll that you created | poll.deleteOwn | |
Polls | Edit a poll that anyone created | poll.editAny | |
Polls | Edit a poll that you created | poll.editOwn | |
Polls | Vote in the poll | poll.vote | If a user does not have any permissions in the Polls tool, then they will not see the polls. |
Portfolio Layouts | Create | osp.presentation.layout.create | |
Portfolio Layouts | Edit | osp.presentation.layout.edit | |
Portfolio Layouts | Delete | osp.presentation.layout.delete | |
Portfolio Layouts | Publish | osp.presentation.layout.publish | |
Portfolio Layouts | Suggest Publish | osp.presentation.layout.suggestPublish | |
Portfolio Templates | Create | osp.presentation.template.create | |
Portfolio Templates | Edit | osp.presentation.template.edit | |
Portfolio Templates | Delete | osp.presentation.template.delete | |
Portfolio Templates | Publish | osp.presentation.template.publish | |
Portfolio Templates | Copy | osp.presentation.template.copy | |
Portfolio Templates | Export | osp.presentation.template.export | |
Portfolios | Create | osp.presentation.create | |
Portfolio Templates | Delete | osp.presentation.delete | |
Portfolio Templates | Comment | osp.presentation.comment | |
Portfolio Templates | Unsure what this means or where it appears | osp.portfolio.evaluation.use | |
Portfolio Templates | Unsure what this means or where it appears | osp.presentation.review | |
Portfolio Templates | osp.presentation.copy | ||
Portfolio Templates | osp.presentation.edit | ||
Preferences | Add preferences | prefs.add | |
Preferences | Delete Preferences | prefs.del | |
Preferences | Update Preferences | prefs.upd | |
Realms | Add a realm | realm.add | I think it's true that in order to create a site (including your own user workspace), you need this permission. |
Realms | Update a realm | realm.upd | If you remove this permission from the instructor role for a course site, the instructor will not be allowed to configure permissions for their site. |
Realms | Delete a realm | realm.del | |
Realms | Update a realm that you own | realm.upd.own | |
Reports | Create | reports.create | |
Reports | Edit | reports.edit | |
Reports | Delete | reports.delete | |
Reports | View | reports.view | |
Reports | Run | reports.run | |
Reports | Share | reports.share |
|
Resources | Create new content | content.new | |
Resources | Create/View content for all groups | content.all.groups | This permission works like the annc.all.groups permission. See the description of the annc.all.groups permission for more information. |
Resources | Delete any content | content.delete.any | |
Resources | Delete content | content.delete.own | |
Resources | View content that has been hidden | content.hidden | If a user hides content and does not have this permission selected, then t hey will not be able to see the content that they hid. |
Resources | Read content | content.read | |
Resources | Revise any content | content.revise.any | |
Resources | Revise your own content | content.revise.own | |
Roster | View all site participants in the roster | roster.viewallmembers | |
Roster | View site participants with hidden profiles in roster | roster.viewhidden | The registrar usually has something to say about this permission and who should get it. |
Roster | Export the roster | roster.export | |
Roster | View groups and sections in the roster | roster.viewgroup | This is helpful for students to see what group they're in (and who their group members are) |
Roster | Click on someone's name in the roster and see their profile | roster.viewprofile | This only works if the user who created their profile has chosen NOT to hide their profile. |
Roster | If official photos are used, view a user's official photo | roster.viewofficialphoto | I've never seen this permission used. |
Roster | View someone's enrollment status (CM implementation only) | roster.viewenrollmentstatus | |
Sections | Act as an instructor | section.role.instructor | This identifies someone as an instructor in the sections tool. What this means is that the user with this role does not get "assigned" to sections, because they are the instructor and should be able to view/target content toward all sections. You can grant this permission to as many roles as you'd like in the site realm, but you can grant this permission to only ONE role in the group realm (the !group.template realms). Tests & quizzes borrows this permission for grading purposes. So if you grant someone permission to grade tests & quizzes in the tests & quizzes tool, they will not be able to grade tests & quizzes unless they also have this section.role.instructor permission. A workaround (if you have a TA who still needs to grade Tests & Quizzes) is to grant the role BOTH section.role.instructor AND section.role.ta permissions to the TA role in the site) See http://jira.sakaiproject.org/browse/SAM-915\\
|
Sections | Act as a student | section.role.student | This permission identifies those users who may be placed into sections using the sections tool. If a student-type user (like Guest or Auditor) is in a role that does not have this permission, they will not be allowed to participate in sections. You can grant this permission to as many roles as you'd like in the site realm, but you can grant this permission to only ONE role in the group realm (the !group.template realms). The Gradebook tool borrows this permission. See http://jira.sakaiproject.org/browse/SAK-14772 |
Sections | Act as a TA | section.role.ta | Gradebook borrows this permission to identify teaching assistants for group/section grading permission purposes. The sections tool uses this permission to identify who can be "assigned" to sections as a teaching assistant. You can grant this permission to as many roles as you'd like in the site realm, but you can grant this permission to only ONE role in the group realm (the !group.template realms). |
Site Stats | View site statistics for a site | sitestats.view | This permission cannot be changed by the instructor for other roles in the site, so choose your default permission configuration wisely. |
Site Stats Admin | View site statistics for all sites in the Site Stats Admin tool | sitestats.admin.view | |
Site Setup | Create a new site (project or portfolio) | site.add | |
Site Setup | Create a new course site (must also have site.add) | site.add.course | |
Site Info/Site Editor | Use the "View Site As" function at the top right corner of the site | site.roleswap | This might not be part of core Sakai |
Site Setup | Get a user workspace when you login for the first time | site.add.usersite | |
Site Info/Site Editor | Manage groups within the site. | site.upd.grp.mbrshp | |
Site Info/Site Editor | Add participants to the site | site.upd.site.mbrshp | |
Site Info/Site Editor | Add guest users into site | site.add.guests | This might not be part of core Sakai |
Site Info/Site Editor | View the list of participants in the site using the Site Editor/Site Info tool | site.viewRoster | |
Site Setup/Site Info/Site Editor | Delete the site | site.del | |
Site SetupSite Info//Site Editor | Completely manage the site | site.upd | This permissions governs about eighteen things. |
Skin Manager | Create a new skin using the skin manager tool | skinmanager.create | This may not be part of the core code |
Skin Manager | Delete a skin using the skin manager tool | skinmanager.delete | This may not be part of the core code |
Skin Manager | Revise a skin using the skin manager tool | skinmanager.edit | This may not be part of the core code |
Skin Manager | See the skin manager tool | skinmanager.view | This may not be part of the core code |
Styles | Create | osp.style.create | |
Styles | Edit | osp.style.edit | |
Styles | Delete | osp.style.delete | |
Styles | Publish | osp.style.publish | |
Styles | Suggest Global Publish | osp.style.suggestGlobalPublish | |
Styles | Publish Global | osp.style.globalPublish | |
Tests & Quizzes | Create an assessment | assessment.createAssessment | |
Tests & Quizzes | Delete any assessment | assessment.deleteAssessment.any | |
Tests & Quizzes | Delete an assessment you created | assessment.deleteAssessment.own | |
Tests & Quizzes | Edit any assessment | assessment.editAssessment.any | |
Tests & Quizzes | Edit an assessment you created | assessment.editAssessment.own | |
Tests & Quizzes | Grade any assessment | assessment.gradeAssessment.any | The ability to grade an assessment also requires the section.role.instructor permission. See http://jira.sakaiproject.org/browse/SAM-915 |
Tests & Quizzes | Grade an assessment you created | assessment.gradeAssessment.own | The ability to grade an assessment also requires the section.role.instructor permission. See http://jira.sakaiproject.org/browse/SAM-915 |
Tests & Quizzes | Publish any assessment | assessment.publishAssessment.any | |
Tests & Quizzes | Publish an assessment you created | assessment.publishAssessment.own | |
Tests & Quizzes | Copy question pools you created | assessment.questionpool.copy.own | |
Tests & Quizzes | Create a question pool | assessment.questionpool.create | |
Tests & Quizzes | Delete question pools you created | assessment.questionpool.delete.own | |
Tests & Quizzes | Edit question pools you created | assessment.questionpool.edit.own | |
Tests & Quizzes | Submit an assessment for a grade | assessment.submitAssessmentForGrade | |
Tests & Quizzes | Take an assessment | assessment.takeAssessment | |
Tests & Quizzes | Create a template for an assessment | assessment.template.create | This refers to the Assessment "Types" in Tests & Quizzes |
Tests & Quizzes | Delete templates you created | assessment.template.delete.own | This refers to the Assessment "Types" in Tests & Quizzes. You should not delete an assessment type if you are logged in as an administrator, because the changes you make will affect everyone else in your instance. You also can't add more global assessment types unless you manipulate the DB. |
Tests & Quizzes | Edit a template you created | assessment.template.edit.own | This refers to the Assessment "Types" in Tests & Quizzes |
Users/Account | Create a user (including yourself when you first login) | user.add | |
Account | Update your email address via the MyWorkspace Account tool | user.upd.own.email | |
Account | Update your firstname/lastname via the Account tool | user.upd.own.name | |
Account | Update your password via the Account tool | user.upd.own.passwd | |
Account | Update your account type via the account tool - this does not work | user.upd.own.type | I don't think this works. |
Account | Update all of the above (except type) via the Account tool | user.upd.own | So, if you have this permission set, you don't need to set the others, because they are included. You may notice that when you remove some user.upd permissions from the !user.template realms, the changes do not always take effect. This is because the user.upd.own permission exists in the standard !user.template realm and it seems to override any absence of permissions you may choose to create in the !user.template.xyz realms. It's really weird. To solve any problems, just remove the user.upd.own permission from the .auth role in the !user.template realm and the other realms will start behaving themselves. |
Wiki | Administer the Wiki tool in your own site | rwiki.admin | |
Wiki | Create new wiki pages and contribute content | rwiki.create | |
Wiki | View/Read the Wiki Content | rwiki.read | |
Wiki | Manage your instance of the wiki tool (for admins only) | rwiki.superadmin | |
Wiki | Make Changes to wiki pages | rwiki.update | |
Wiki | Delete wiki pages | rwiki.delete | |
Wizards | Create | osp.wizard.create | |
Wizards | Edit | osp.wizard.edit | |
Wizards | Delete | osp.wizard.delete | |
Wizards | Publish | osp.wizard.publish | |
Wizards | Use | osp.wizard.view | |
Wizards | Export | osp.wizard.export | |
Wizards | Evaluate | osp.wizard.evaluate | |
Wizards | Review | osp.wizard.review | |
Live Virtual Classroom | Create a new LVC session | virtual_classroom_session.create | Not part of Core Sakai |
Live Virtual Classroom | Delete a new LVC session | virtual_classroom_session.delete | Not part of Core Sakai |
Live Virtual Classroom | Edit/Update an LVC session | virtual_classroom_session.edit | Not part of Core Sakai |
Live Virtual Classroom | Join an LVC session that someone created | virtual_classroom_session.join | Not part of Core Sakai |
View an LVC session in Sakai that someone created | virtual_classroom_session.view | Not part of Core Sakai | |
Mneme | Manage the Tests Tasks & Surveys tool | mneme.manage | Not part of Core Sakai |
Mneme | Grade Tests Tasks & Surveys | mneme.grade | Not part of Core Sakai |
Mneme | "Take" and Submit a Test, Task & Survey | mneme.submit | Not part of Core Sakai |
Mneme | View Tests, Tasks & Surveys | mneme.guest | Not part of Core Sakai |
BlogWow | Add comments to other peoples' blog posts | blogwow.comments.add | |
BlogWow | Remove any comments that anyone posted to anyone else's blog post | blogwow.comments.remove.any | |
BlogWow | Create a blog entry | blogwow.create | |
BlogWow | Read other peoples' blog entries | blogwow.entry.read | |
BlogWow | Read other peoples' blog entries even when they're marked private | blogwow.entry.read.any | |
BlogWow | Write your own blog entry | blogwow.entry.write | |
BlogWow | Update/edit anyone else's blog entry | blogwow.entry.write.any | |
EvalSys | Assign an evaluation for others in a group or course to complete | eval.assign.evaluation | Be careful with all of these eval sys permissions. It's kinda neat how they behave though. So, you put the permissions for the evalsys tool in the site realms, and then you put the TOOL in the user workspaces, and it just all works out, assuming you didn't accidentally give anyone the wrong permission. |
EvalSys | Be evaluated by those who are taking the evaluation | eval.be.evaluated | |
EvalSys | Take the evaluation | eval.take.evaluation | |
EvalSys | Create evaluation templates | eval.write.template | |
BigBlueButton | Create a new meeting in bbb | bbb.create | Not part of Core Sakai |
BigBlueButton | Delete any meeting that was created in bbb | bbb.delete.any | Not part of Core Sakai |
BigBlueButton | Delete only meetings you created in bbb | bbb.delete.own | Not part of Core Sakai |
BigBlueButton | Update any meeting that was created in bbb | bbb.edit.any | Not part of Core Sakai |
BigBlueButton | Update only your own meeting that was created in bbb | bbb.edit.own | Not part of Core Sakai |
BigBlueButton | Participate in a bbb meeting that was created | bbb.participate | Not part of Core Sakai |
Elluminate Bridge | Access the elluminate configuration pages | elluminate.config.page.access | Not part of Core Sakai |
Elluminate Bridge | Create a new meeting | elluminate.meeting.add | Not part of Core Sakai |
Elluminate Bridge | Edit a meeting | elluminate.meeting.edit | Not part of Core Sakai |
Elluminate Bridge | Join a meeting | elluminate.meeting.join | Not part of Core Sakai |
Elluminate Bridge | elluminate.meeting.list.expired | Not part of Core Sakai | |
Elluminate Bridge | Remove a meeting | elluminate.meeting.remove | Not part of Core Sakai |
Elluminate Bridge | Play a recorded meeting | elluminate.recording.play | Not part of Core Sakai |
Elluminate Bridge | Remove a recorded meeting | elluminate.recording.remove | Not part of Core Sakai |
TurningPoint | turningtool.course.view.all | Not part of Core Sakai | |
TurningPoint | turningtool.deviceid.view.all | Not part of Core Sakai | |
TurningPoint | turningtool.deviceid.write.any | Not part of Core Sakai | |
TurningPoint | turningtool.grade.view.all | Not part of Core Sakai | |
TurningPoint | turningtool.grade.write.any | Not part of Core Sakai | |
TurningPoint | turningtool.roster.view.all | Not part of Core Sakai | |
Kaltura | kaltura.admin | Not part of Core Sakai | |
Kaltura | kaltura.manager | Not part of Core Sakai | |
Kaltura | kaltura.read | Not part of Core Sakai | |
Kaltura | kaltura.write | Not part of Core Sakai |
...