<%= [dotlrn_header "dotLRN Portal Permissions"] %>

dotLRN Portal Permissions

by Arjun Sanyal and Ben Adida, part of dotLRN Documentation.

dotLRN presents itself to users by way of portals, i.e. pages that aggregate data from disparate sources, shown as "boxes" on the page, and allow these sources to be added, removed, and altered in various ways. Permissioning issues arise frequently: "Is a student allowed to remove the "Class Announcements" element of her portal?" is an example of a permissioning issue.

In general the system of permissions should be simple enough for the users to understand, but flexible enought to support all of the required features.

Also, the scope of this document is the permissions system related to the portal-based parts of dotLRN, for more documentation on the general permission scheme of dotLRN, see dotLRN Roles, Sections, and Permissions

Some General Portal Ideas

Students will have the ability to alter their personal portal, but up to the point specified by a class administrator. In the example given above, a class administrator could "lock" the "Class Announcements" element in student's personal portals so they would not have the power to remove it or alter its position. In this case, the administrator would have contol over more than one portal, i.e. her own personal portal and a "default" portal that is "cloned", including the "lock", to create each student's portal when she registers for the class.

Non-administrative users cannot grant any permission to anyone. Thus, an "Student X lets student Y read her portal" scenarios are avoided.

Administrative Permissions

The administrative permissions CREATE and DELETE are only given to those users whose roles are such that they would need to create and destroy portals for scenarios such as the one given above.

CREATE

User can create a new portal. Used for creating default class portals
Granted to: Administrator role only, by default
Implies: DELETE, and READ, EDIT, ADMIN on newly created portals

DELETE

User can destory this portal. Not granted to non-admin users.
Granted to: Admin users who have CREATE

Portal-level Permissons for Non-Admin Users

These permissions are at the level of individual portals for users such as students.

READ

Grantee can read (view) this portal.
Granted to: A User for her individual portal.

EDIT

Grantee can:
- Add "Available" datasources
- Remove "unlocked" elements
- Move (shuffle) "unlocked" elements
- Edit user-editable element parameters
Granted to: A User for her individual portal. Aggregates the permissions that a non-admin user will have, other than "READ".

Portal-level Permissons for Admin Users

Admin users with the CREATE permission will be granted the following permisson on the newly created portal.

ADMIN

Grantee can:
- Toggle "lock" on a portal element
- Set this portal page to be "cloned" from
- Set "non-user" parameters for elements
Granted to: A portal created with the CREATE permisson.

<%= [dotlrn_footer] %>