0.6 - Permissions

Owned by Former user (Deleted)
Last updated: Oct 10, 2006 by Former user (Deleted)Version comment
4 min read
  • modify_link_from - Allows user to Create/Edit/Delete links from Activities in this site
  • modify_link_to - Allows user to Create/Edit/Delete to Goals in this site
  • view_any_link_from - Allows user to view any links from an activity in this site.
  • view_any_link_to - Allows user to view any links to goals in this site.

    Viewing the links allows the user to see where the connections are. A complete list of links be thought of as a curriculum map. The convention of thinking about links and associations as orgininating from the Activity and to the Goal persists in the permission names. In order for a user to actually see a link, that user must be a member of both sites and have a role where they have the appropriate permissions set.
    For example, a Program Coordinator would be a member of both a Program worksite and a Class worksite. In the Program worksite (where program goals are published) that user would have the view_any_link_to permission set. In the Class Worksite the same role would have the view_any_link_from permission set.

  • view_visible_link_from - Allows user to view any links flagged as visible from an activity in this site (more restrictive than above)
  • view_visible_link_to - Allows user to view any links to goals as flagged as visible in this site

    This set of permissions is similar to the above permissions with the exception that it only allows the user to see those links flagged as "visible".

Others

The following permissions are NOT components of a permission pair. These permission settings pertain to the site from which Goals are published.

  • view_rating - Allows user to view ratings that were performed in this site.
  • modify_goalset - Allows user to Create/Edit/Delete Goal Sets and Goals
  • modify_rating - Allows user to rate each student's performance for an activity for each linked goal.

    Permission settings for a typical class and program site
    A typical permission configuration for a program site that is publishing program goals.
    A typical permission configuration for a class that is linking to program goals.
    #pairs

Permission Pairs

In order to provide flexibility and data security, the permission checks performed in the Goal Management tool (and thus all Goal Aware Tools that use the Goal Management helper tool) may be different than those in other tools you have used in Sakai. Since any method called likely interacts with data in two worksites, permission checks are performed in both affected worksites. While it is implied above, let's state it clearly:

Activity Site

Goal Publishing Site

Explanation

modify_link_from

modify_link_to

In order for a user to link an activity in one worksite to a goal published in another worksite, the user has to play a role in both sites.

  • In the worksite where the activity is taking place, the modify_link_from permission must be set for that user's role.
  • In the worksite where the Goal to be linked to is published, the modify_link_to permission must be set for that user's role.
  • BOTH must be true for the permission pair to be satisfied and allow the user to create the link.

view_any_link_from

view_any_link_to

In order for a user to view all links flagged as visible from activities in one worksite to goals published in another worksite , the user has to play a role in both sites.

  • In the worksite where the activity is taking place, the view_visible_link_from permission must be set for that user's role.
  • In the worksite where the linked Goal is published, the view_visible_link_to permission must be set for that user's role.
  • BOTH must be true for the permission pair to be satisfied and allow the user to view the "visible" links.

view_visible_link_from

view_visible_link_to

In order for a user to view all links from activities in one worksite to goals published in another worksite , the user has to play a role in both sites.

  • In the worksite where the activity is taking place, the view_any_link_from permission must be set for that user's role.
  • In the worksite where the linked Goal is published, the view_any_link_to permission must be set for that user's role.
  • BOTH must be true for the permission pair to be satisfied and allow the user to view the links.

Furthermore, the order in which these are listed is of some significance. You may note that it would make no sense to be able to modify links between sites but not be able to view links between those sites. It would also not make sense to be able to view_any_links between sites but not be able to view_visible_links between those sites.

If the permission pair modify_link_from:modify_link_to is set for a role, that role can view_any_link, whether or not the permission pairs view_any_link_from:view_any_link_to or view_visible_link_from:view_visible_link_to is set.
If the permission pair view_any_link_from:view_any_link_to is set for a role, that role can view_visible_links, whether or not view_visible_link_from:view_visible_link_to is set.

For example:
If you want a role to have permission to modify links between activities in one site and goals in another site, only one permission pair would work:

Activity Site

Goal Publishing Site

Explanation

modify_link_from

modify_link_to

Role can create links between activities in the "Activity Site" and Goals published in the "Goal Publishing" site

However, if you want a role to have permission to view all links between two sites, more combinations are possible:

Activity Site

Goal Publishing Site

Explanation

modify_link_from

modify_link_to

Role can create links between activities in the "Activity Site" and Goals published in the "Goal Publishing" site. As such, they can also view the links.

modify_link_from

view_any_links_to

Role probably can create links between the activities in the Activity Site and goals in a different site than the Goal Publishing Site. This role can view_any_links between these two sites.