<%= [dotlrn_header "dotLRN Portal Permissions"] %>

dotLRN Portal Permissions

by Arjun Sanyal and Ben Adida, part of dotLRN Documentation.

dotLRN presents itself to users by way of portals, i.e. pages that aggregate data from disparate sources, shown as "boxes" on the page, and allow these sources to be added, removed, and altered in various ways. Permissioning issues arise frequently: "Is a student allowed to remove the "Class Announcements" element of her portal?" is an example of a permissioning issue.

In general the system of permissions should be simple enough for the users to understand, but flexible enought to support all of the required features.

Also, the scope of this document is the permissions system related to the portal-based parts of dotLRN, for more documentation on the general permission scheme of dotLRN, see dotLRN Roles, Sections, and Permissions

Some General Portal Ideas

Students will have the ability to alter their personal portal, but up to the point specified by a class administrator. In the example given above, a class administrator could "lock" the "Class Announcements" element in student's personal portals so they would not have the power to remove it or alter its position. In this case, the administrator would have control over more than one portal, i.e. her own personal portal and a "default" portal that is "cloned", including the "lock", to create each student's portal when she registers for the class.

Non-administrative users cannot grant any permission to anyone. Thus, an "Student X lets student Y read her portal" scenarios are avoided.

Administrative Permissions

The administrative permissions CREATE and DELETE are only given to those users whose roles are such that they would need to create and destroy portals for scenarios such as the one given above.

CREATE

DELETE

Portal-level Permissons for Non-Admin Users

These permissions are at the level of individual portals for users such as students.

READ

EDIT

Portal-level Permissons for Admin Users

Admin users with the CREATE permission will be granted the following permisson on the newly created portal.

ADMIN

<%= [dotlrn_footer] %>