Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 4.0

Tool

Permission Description

Permission (as it exists in the realms)

Considerations

Home

View the Site

site.visit


Home

View the Site (unpublished)

site.visit.unp

This permission cannot be changed by the instructor - you can only change it in the realm. So, for example, if a teaching assistant needs access to an unpublished site, then an admin would have to grant the TA this permission if your instance isn't configured to allow TAs to view unpublished sites.

Aliases

Create new aliases in the Aliases tool in the Admin Workspace

alias.add

Unsure whether this permission still does anything.

Aliases

Delete Aliases in the Aliases tool in the Admin Workspace

alias.del

Unsure whether this permission still does anything

Aliases

Make Changes to Aliases in the Aliases tool in the Admin Workspace

alias.upd

Unsure whether this permission still does anything

Announcements

Create OR view announcements for all groups

annc.all.groups

So, if you have this permission AND the annc.new permission, that means you'll have permission to create announcements for all groups and sections that exist in your site, even if you are not a member of those groups or sections.  If you have this permission AND the annc.read permission, that means you'll be able to VIEW announcements that were created for groups and sections other than those to which you belong.

Announcements

Delete any announcement

annc.delete.any


Announcements

Delete announcements you own

annc.delete.own


Announcements

Create new announcements

annc.new


Announcements

Read announcements

annc.read


Announcements

Read draft announcements

annc.read.drafts

This will also allow a user to read draft announcements that someone else created

Announcements

Revise any announcement

annc.revise.any


Announcements

Revise only announcements you own

annc.revise.own


Assignments

Create/View new Assignments for all groups

asn.all.groups

So, this permission behaves like the annc.all.groups permission.

Assignments

Delete Assignments

asn.delete


Assignments

Create new Assignments

asn.new


Assignments

Grade Assignments

asn.grade


Assignments

Read Assignments

asn.read


Assignments

Can opt in to receive notifications when students submit assignments

asn.receive.notifications

When you create an assignment, you will see the notification options during creation.  Anyone in your site who has this permission will be subjected to your notification choice when the students start submitting assignments.

Assignments

Revise assignments

asn.revise

Does not work unless role also has asn.new permission

Assignments

See draft assignments that other people created

asn.share.drafts


Assignments

Submit assignments and appear in the list of assignments to be graded

asn.submit

If an instructor is granted this permission, then the instructor will see his/her name (as well as the names of all other instructors) in the list of assignments to be graded.  This is sometimes annoying to instructors, so you should consider this when you're making decisions about default permissions.

Calendar/Schedule

Create/View new calendar entries for all groups

calendar.all.groups

Again, this works like the annc.all.groups permission.

Calendar/Schedule

Delete any calendar entry

calendar.delete.any


Calendar/Schedule

Delete own calendar entry

calendar.delete.own


Calendar/Schedule

Import Calendar entries

calendar.import


Calendar/Schedule

Create new calendar entries

calendar.new


Calendar/Schedule

Read Calendar entries

calendar.read


Calendar/Schedule

Revise any calendar entry

calendar.revise.any


Calendar/Schedule

Subscribe to iCal

calendar.subscribe

Have noticed that the option to subscribe to iCal does not appear by default in a user's personal workspace unless the user grants themselves the permission. A way to solve this globally is to add the calendar.subscribe permission to the maintain user in the !site.user realm when you do your initial configuration.

Calendar/Schedule

Revise own calendar entry

calendar.revise.own


Chat Room

Delete any chat entry

chat.delete.any


Chat Room

Create new chat channel

chat.new.channel


Chat Room

Delete new chat channel

chat.delete.channel


Chat Room

Revise a chat channel

chat.revise.channel


Chat Room

Delete only chat entries you own

chat.delete.own

Some schools think it's necessary to grant students this permission, and other schools won't allow students to delete any of their own chat posts (to preserve the record in accordance with local policy).  You decide.

Chat Room

Post new chat entries

chat.new


Chat Room

Read chat entries

chat.read


JForum

Administer JForum tool

jforum.admin

Do not give instructors this permission; it is a permission for admins only.

JForum

Manage JForum discussions

jforum.manage

Not part of core Sakai

JForum

Participate in discussions

jforum.member

Note part of core Sakai

Drop Box

Dropbox created automatically when the user account is created

dropbox.own


Drop Box

Ability to see/manage all dropboxes in a site

dropbox.maintain


Email Archive

Delete any emails

mail.delete.any


Email Archive

Create/Send new email

mail.new


Email Archive

Read/Receive email

mail.read


OSP Evaluations

Evaluate

osp.matrix.evaluate


OSP Evaluations

View Owner

osp.matrix.viewOwner


Forums

See below this table for instructions on configuring Forums permissions



Forms

Create

metaobj.create


Forms

Edit

metaobj.edit


Forms

Delete

metaobj.delete


Forms

Publish

metaobj.publish


Forms

Suggest Global Publish

metaobj.suggest.global.publish


Forms

Export

metaobj.export


Glossary

Create

osp.help.glossary.add


Glossary

Edit

osp.help.glossary.edit


Glossary

Delete

osp.help.glossary.delete


Glossary

Export

osp.help.glossary.export


Gradebook and Gradebook2

Edit assignments in the Gradebook

gradebook.editAssignments


Gradebook and Gradebook2

Grade anything in the Gradebook

gradebook.gradeAll


Gradebook and Gradebook2

Grade section

gradebook.gradeSection

If you ever want a role to be able to grade something in the gradebook (ever), then they MUST at least have this permission (if not the gradeAll permission).  Also note that the section.role.ta permission (for the sections tool) determines WHO appears in the "graders" list in the gradebook.  So, gradebook (and gradebook2) borrow this section role permission.

Gradebook and Gradebook2

View your own grades

gradebook.viewOwnGrades

This permission is what identifies students in the gradebook.  If you have something like a guest role or an auditor role, consider whether you want them to get grades like official students.  If you want them to get grades like official students, then you can grant the guest or the auditor role this permission. Beware that the instructors cannot change this permission in their course sites, so decide wisely.  The gradebook tool also borrows the section.role.student permission.  See http://jira.sakaiproject.org/browse/SAK-14772 for more information.

Melete

View, Author, Manage Modules and Content

melete.author

Not part of core Sakai

Melete

View Modules and Content

melete.student

Not part of core Sakai

MailSender

Administer the mailtool within your site

mailtool.admin

This is for MailSender, and not everyone uses Mailsender

MailSender

Send mail from mailtool

mailtool.send

This is for MailSender, and not everyone uses Mailsender

Matrices

Create

osp.matrix.scaffolding.create


Matrices

Review

osp.matrix.review


Matrices

Delete.any

osp.matrix.scaffolding.delete.any


Matrices

Delete.own

osp.matrix.scaffolding.delete.own


Matrices

Export.any

osp.matrix.scaffolding.export.any


Matrices

Export.own

osp.matrix.scaffolding.export.own


Matrices

Publish.any

osp.matrix.scaffolding.publish.any


Matrices

Publish.own

osp.matrix.scaffolding.publish.own


Matrices

Revise.any

osp.matrix.scaffolding.revise.any


Matrices

Revise.own

osp.matrix.scaffolding.revise.own


Matrices

Can view / access all matrix cells

osp.matrix.scaffoldingSpecific.accessAll


Matrices

Can view / access user list and cell owner

osp.matrix.scaffoldingSpecific.accessUserList


Matrices

Can manage matrix cell status

osp.matrix.scaffoldingSpecific.manageStatus


Matrices

Can use matrix

osp.matrix.scaffoldingSpecific.use


Matrices

Can view all groups

osp.matrix.scaffoldingSpecific.viewAllGroups


Matrices

Can view evaluations created by another user

osp.matrix.scaffoldingSpecific.viewEvalOther


Matrices

Can view feedback created by another user

osp.matrix.scaffoldingSpecific.viewFeedbackOther


Messages

manage whether others in the site can forward email messages

msg.emailout

This permission can be somewhat confusing.  Here's what it actually means: If you grant someone this permission, that gives THEM the permission to decide whether they're going to allow other users in the site to have messages forwarded to their own email addresses.  In short, you should not give students or guests this permission, because it allows them to change the configuration of your messages tool.

Polls

Create a new poll

poll.add


Polls

Delete a poll

poll.deleteAny


Polls

Delete a poll that you created

poll.deleteOwn


Polls

Edit a poll that anyone created

poll.editAny


Polls

Edit a poll that you created

poll.editOwn


Polls

Vote in the poll

poll.vote

If a user does not have any permissions in the Polls tool, then they will not see the polls.

Portfolio Layouts

Create

osp.presentation.layout.create


Portfolio Layouts

Edit

osp.presentation.layout.edit


Portfolio Layouts

Delete

osp.presentation.layout.delete


Portfolio Layouts

Publish

osp.presentation.layout.publish


Portfolio Layouts

Suggest Publish

osp.presentation.layout.suggestPublish


Portfolio Templates

Create

osp.presentation.template.create


Portfolio Templates

Edit

osp.presentation.template.edit


Portfolio Templates

Delete

osp.presentation.template.delete


Portfolio Templates

Publish

osp.presentation.template.publish


Portfolio Templates

Copy

osp.presentation.template.copy


Portfolio Templates

Export

osp.presentation.template.export


Portfolios

Create

osp.presentation.create


Portfolio Templates

Delete

osp.presentation.delete


Portfolio Templates

Comment

osp.presentation.comment


Portfolio Templates

Unsure what this means or where it appears

osp.portfolio.evaluation.use


Portfolio Templates

Unsure what this means or where it appears

osp.presentation.review


Portfolio Templates


osp.presentation.copy


Portfolio Templates


osp.presentation.edit


Preferences

Add preferences

prefs.add


Preferences

Delete Preferences

prefs.del


Preferences

Update Preferences

prefs.upd


Realms

Add a realm

realm.add

I think it's true that in order to create a site (including your own user workspace), you need this permission.

Realms

Update a realm

realm.upd

If you remove this permission from the instructor role for a course site, the instructor will not be allowed to configure permissions for their site.

Realms

Delete a realm

realm.del


Realms

Update a realm that you own

realm.upd.own


Reports

Create

reports.create


Reports

Edit

reports.edit


Reports

Delete

reports.delete


Reports

View

reports.view


Reports

Run

reports.run


Reports

Share

reports.share

 

Resources

Create new content

content.new


Resources

Create/View content for all groups

content.all.groups

This permission works like the annc.all.groups permission.  See the description of the annc.all.groups permission for more information.

Resources

Delete any content

content.delete.any


Resources

Delete content

content.delete.own


Resources

View content that has been hidden

content.hidden

If a user hides content and does not have this permission selected, then t hey will not be able to see the content that they hid.

Resources

Read content

content.read


Resources

Revise any content

content.revise.any


Resources

Revise your own content

content.revise.own


Roster

View all site participants in the roster

roster.viewallmembers


Roster

View site participants with hidden profiles in roster

roster.viewhidden

The registrar usually has something to say about this permission and who should get it.

Roster

Export the roster

roster.export


Roster

View groups and sections in the roster

roster.viewgroup

This is helpful for students to see what group they're in (and who their group members are)

Roster

Click on someone's name in the roster and see their profile

roster.viewprofile

This only works if the user who created their profile has chosen NOT to hide their profile.

Roster

If official photos are used, view a user's official photo

roster.viewofficialphoto

I've never seen this permission used.

Roster

View someone's enrollment status (CM implementation only)

roster.viewenrollmentstatus


Sections

Act as an instructor

section.role.instructor

This identifies someone as an instructor in the sections tool.  What this means is that the user with this role does not get "assigned" to sections, because they are the instructor and should be able to view/target content toward all sections.  You can grant this permission to as many roles as you'd like in the site realm, but you can grant  this permission to only ONE role in the group realm (the !group.template realms).  Tests & quizzes borrows this permission for grading purposes.  So if you grant someone permission to grade tests & quizzes in the tests & quizzes tool, they will not be able to grade tests & quizzes unless they also have this section.role.instructor permission.  A workaround (if you have a TA who still needs to grade Tests & Quizzes) is to grant the role BOTH section.role.instructor AND section.role.ta permissions to the TA role in the site) See

http://jira.sakaiproject.org/browse/SAM-915\\


You can grant this permission to as many roles as you'd like in the site realm, but you can grant  this permission to only ONE role in the group realm (the !group.template realms).

Sections

Act as a student

section.role.student

This permission identifies those users who may be placed into sections using the sections tool.  If a student-type user (like Guest or Auditor) is in a role that does not have this permission, they will not be allowed to participate in sections. You can grant this permission to as many roles as you'd like in the site realm, but you can grant  this permission to only ONE role in the group realm (the !group.template realms).  The Gradebook tool borrows this permission. See http://jira.sakaiproject.org/browse/SAK-14772

Sections

Act as a TA

section.role.ta

Gradebook borrows this permission to identify teaching assistants for group/section grading permission purposes.  The sections tool uses this permission to identify who can be "assigned" to sections as a teaching assistant. You can grant this permission to as many roles as you'd like in the site realm, but you can grant  this permission to only ONE role in the group realm (the !group.template realms).

Site Stats

View site statistics for a site

sitestats.view

This permission cannot be changed by the instructor for other roles in the site, so choose your default permission configuration wisely.

Site Stats Admin

View site statistics for all sites in the Site Stats Admin tool

sitestats.admin.view


Site Setup

Create a new site (project or portfolio)

site.add


Site Setup

Create a new course site (must also have site.add)

site.add.course


Site Info/Site Editor

Use the "View Site As" function at the top right corner of the site

site.roleswap

This might not be part of core Sakai

Site Setup

Get a user workspace when you login for the first time

site.add.usersite


Site Info/Site Editor

Manage groups within the site.

site.upd.grp.mbrshp


Site Info/Site Editor

Add participants to the site

site.upd.site.mbrshp


Site Info/Site Editor

Add guest users into site

site.add.guests

This might not be part of core Sakai

Site Info/Site Editor

View the list of participants in the site using the Site Editor/Site Info tool

site.viewRoster


Site Setup/Site Info/Site Editor

Delete the site

site.del


Site SetupSite Info//Site Editor

Completely manage the site

site.upd

This permissions governs about eighteen things. 
If a user has the site.upd permission, they can do the following things:
1. See the Site Editor/Site Info tool
2. Make changes to permissions (also depends on realm.upd)
3. Add and remove tools to and from the site
4. Edit the Site Information
5. Manage access to the site
6. Publish and unpublish the site
7. Edit Rosters (for CM implementation)
8. Potentially duplicate the site (also requires site.add and possibly site.add.course in the user template realm)
9. Import from another site
10. Edit the Syllabus 
11. Add the first podcast
12. Manage Forums
13. Post Feedback (Using the Feedback/Post 'em tool)
14. Edit Web Content URL
15. Edit News RSS URL
16. Create and Edit Sections (if manual section editing is turned on)
17. Potentially add participants to the site (also requires site.upd.site.participants)
18. Potentially manage groups within the site (also requires site.upd.grp.mbrshp)

Skin Manager

Create a new skin using the skin manager tool

skinmanager.create

This may not be part of the core code

Skin Manager

Delete a skin using the skin manager tool

skinmanager.delete

This may not be part of the core code

Skin Manager

Revise a skin using the skin manager tool

skinmanager.edit

This may not be part of the core code

Skin Manager

See the skin manager tool

skinmanager.view

This may not be part of the core code

Styles

Create

osp.style.create


Styles

Edit

osp.style.edit


Styles

Delete

osp.style.delete


Styles

Publish

osp.style.publish


Styles

Suggest Global Publish

osp.style.suggestGlobalPublish


Styles

Publish Global

osp.style.globalPublish


Tests & Quizzes

Create an assessment

assessment.createAssessment


Tests & Quizzes

Delete any assessment

assessment.deleteAssessment.any


Tests & Quizzes

Delete an assessment you created

assessment.deleteAssessment.own


Tests & Quizzes

Edit any assessment

assessment.editAssessment.any


Tests & Quizzes

Edit an assessment you created

assessment.editAssessment.own


Tests & Quizzes

Grade any assessment

assessment.gradeAssessment.any

The ability to grade an assessment also requires the section.role.instructor permission.  See http://jira.sakaiproject.org/browse/SAM-915

Tests & Quizzes

Grade an assessment you created

assessment.gradeAssessment.own

The ability to grade an assessment also requires the section.role.instructor permission.  See http://jira.sakaiproject.org/browse/SAM-915

Tests & Quizzes

Publish any assessment

assessment.publishAssessment.any


Tests & Quizzes

Publish an assessment you created

assessment.publishAssessment.own


Tests & Quizzes

Copy question pools you created

assessment.questionpool.copy.own


Tests & Quizzes

Create a question pool

assessment.questionpool.create


Tests & Quizzes

Delete question pools you created

assessment.questionpool.delete.own


Tests & Quizzes

Edit question pools you created

assessment.questionpool.edit.own


Tests & Quizzes

Submit an assessment for a grade

assessment.submitAssessmentForGrade


Tests & Quizzes

Take an assessment

assessment.takeAssessment


Tests & Quizzes

Create a template for an assessment

assessment.template.create

This refers to the Assessment "Types" in Tests & Quizzes

Tests & Quizzes

Delete templates you created

assessment.template.delete.own

This refers to the Assessment "Types" in Tests & Quizzes. You should not delete an assessment type if you are logged in as an administrator, because the changes you make will affect everyone else in your instance.  You also can't add more global assessment types unless you manipulate the DB.

Tests & Quizzes

Edit a template you created

assessment.template.edit.own

This refers to the Assessment "Types" in Tests & Quizzes

Users/Account

Create a user (including yourself when you first login)

user.add


Account

Update your email address via the MyWorkspace Account tool

user.upd.own.email


Account

Update your firstname/lastname via the Account tool

user.upd.own.name


Account

Update your password via the Account tool

user.upd.own.passwd


Account

Update your account type via the account tool - this does not work

user.upd.own.type

I don't think this works.

Account

Update all of the above (except type) via the Account tool

user.upd.own

So, if you have this permission set, you don't need to set the others, because they are included.  You  may notice that when you remove some user.upd permissions from the !user.template realms, the changes do not always take effect.  This is because the user.upd.own permission exists in the standard !user.template realm and it seems to override any absence of permissions you may choose to create in the !user.template.xyz realms.  It's really weird.   To solve any problems, just remove the user.upd.own permission from the .auth role in the !user.template realm and the other realms will start behaving themselves.

Wiki

Administer the Wiki tool in your own site

rwiki.admin


Wiki

Create new wiki pages and contribute content

rwiki.create


Wiki

View/Read the Wiki Content

rwiki.read


Wiki

Manage your instance of the wiki tool (for admins only)

rwiki.superadmin


Wiki

Make Changes to wiki pages

rwiki.update


Wiki

Delete wiki pages

rwiki.delete


Wizards

Create

osp.wizard.create


Wizards

Edit

osp.wizard.edit


Wizards

Delete

osp.wizard.delete


Wizards

Publish

osp.wizard.publish


Wizards

Use

osp.wizard.view


Wizards

Export

osp.wizard.export


Wizards

Evaluate

osp.wizard.evaluate


Wizards

Review

osp.wizard.review


Live Virtual Classroom

Create a new LVC session

virtual_classroom_session.create

Not part of Core Sakai

Live Virtual Classroom

Delete a new LVC session

virtual_classroom_session.delete

Not part of Core Sakai

Live Virtual Classroom

Edit/Update an LVC session

virtual_classroom_session.edit

Not part of Core Sakai

Live Virtual Classroom

Join an LVC session that someone created

virtual_classroom_session.join

Not part of Core Sakai


View an LVC session in Sakai that someone created

virtual_classroom_session.view

Not part of Core Sakai

Mneme

Manage the Tests Tasks & Surveys tool

mneme.manage

Not part of Core Sakai

Mneme

Grade Tests Tasks & Surveys

mneme.grade

Not part of Core Sakai

Mneme

"Take" and Submit a Test, Task & Survey

mneme.submit

Not part of Core Sakai

Mneme

View Tests, Tasks & Surveys

mneme.guest

Not part of Core Sakai

BlogWow

Add comments to other peoples' blog posts

blogwow.comments.add


BlogWow

Remove any comments that anyone posted to anyone else's blog post

blogwow.comments.remove.any


BlogWow

Create a blog entry

blogwow.create


BlogWow

Read other peoples' blog entries

blogwow.entry.read


BlogWow

Read other peoples' blog entries even when they're marked private

blogwow.entry.read.any


BlogWow

Write your own blog entry

blogwow.entry.write


BlogWow

Update/edit anyone else's blog entry

blogwow.entry.write.any


EvalSys

Assign an evaluation for others in a group or course to complete

eval.assign.evaluation

Be careful with all of these eval sys permissions.  It's kinda neat how they behave though.  So, you put the permissions for the evalsys tool in the site realms, and then you put the TOOL in the user workspaces, and it just all works out, assuming you didn't accidentally give anyone the wrong permission.

EvalSys

Be evaluated by those who are taking the evaluation

eval.be.evaluated


EvalSys

Take the evaluation

eval.take.evaluation


EvalSys

Create evaluation templates

eval.write.template


BigBlueButton

Create a new meeting in bbb

bbb.create

Not part of Core Sakai

BigBlueButton

Delete any meeting that was created in bbb

bbb.delete.any

Not part of Core Sakai

BigBlueButton

Delete only meetings you created in bbb

bbb.delete.own

Not part of Core Sakai

BigBlueButton

Update any meeting that was created in bbb

bbb.edit.any

Not part of Core Sakai

BigBlueButton

Update only your own meeting that was created in bbb

bbb.edit.own

Not part of Core Sakai

BigBlueButton

Participate in a bbb meeting that was created

bbb.participate

Not part of Core Sakai

Elluminate Bridge

Access the elluminate configuration pages

elluminate.config.page.access

Not part of Core Sakai

Elluminate Bridge

Create a new meeting

elluminate.meeting.add

Not part of Core Sakai

Elluminate Bridge

Edit a meeting

elluminate.meeting.edit

Not part of Core Sakai

Elluminate Bridge

Join a meeting

elluminate.meeting.join

Not part of Core Sakai

Elluminate Bridge


elluminate.meeting.list.expired

Not part of Core Sakai

Elluminate Bridge

Remove a meeting

elluminate.meeting.remove

Not part of Core Sakai

Elluminate Bridge

Play a recorded meeting

elluminate.recording.play

Not part of Core Sakai

Elluminate Bridge

Remove a recorded meeting

elluminate.recording.remove

Not part of Core Sakai

TurningPoint


turningtool.course.view.all

Not part of Core Sakai

TurningPoint


turningtool.deviceid.view.all

Not part of Core Sakai

TurningPoint


turningtool.deviceid.write.any

Not part of Core Sakai

TurningPoint


turningtool.grade.view.all

Not part of Core Sakai

TurningPoint


turningtool.grade.write.any

Not part of Core Sakai

TurningPoint


turningtool.roster.view.all

Not part of Core Sakai

Kaltura


kaltura.admin

Not part of Core Sakai

Kaltura


kaltura.manager

Not part of Core Sakai

Kaltura


kaltura.read

Not part of Core Sakai

Kaltura


kaltura.write

Not part of Core Sakai

...