What do the various realm permissions do?
Realm permissions control the actions that specific user roles are allowed to perform within the system. Certain sets of permissions are associated with user types by default (e.g. instructors, students, etc.), which allow them to perform the common tasks associated with that role. In some cases, you may need to modify the realm permissions for a specific user or a specific role. Additionally, system administrators can create custom roles and assign custom sets of realm permissions to those roles.
alias.add - User can add a new alias.
alias.del - User can delete an existing alias.
alias.upd - User can edit an existing alias.
annc.all.groups - Maintain-type role members of the site (Instructors and the like) might expect to have permissions to see and manipulate the announcements in the site as well as all the site groups, without having explicit membership in each group. If the user’s membership in the site includes annc.all.groups, then the user has access to all the groups in the site without needing explicit group membership.
annc.delete.any - User can delete any announcement regardless of who created it.
annc.delete.own - User can delete only announcements they created.
annc.new - Allows users to create new announcements.
annc.read - Allows users to read announcements. This permission is needed to view the list of announcements.
annc.read.drafts - Allows users to read draft announcements.
annc.revise.any - Allows users to edit any announcement, created by anyone.
annc.revise.own - Allows user to edit only announcements they created.
asn.all.groups - Maintain-type role members of the site (Instructors and the like) might expect to have permissions to create/edit assignments in the site as well as all the site groups, without having explicit membership in each group. If the user’s membership in the site includes asn.all.groups, then the user has access to all the groups in the site without needing explicit group membership.
asn.delete - Gives user the ability to delete assignments.
asn.grade - Gives the role the ability to grade assignments. If the role has asn.new permission, then that role also has the ability to grade (any role with asn.new also has the ability to grade, regardless of the asn.grade setting). If the role does not have asn.new, then grading permission can be granted by giving the role asn.grade.
asn.new - Gives user the ability to create new assignments. Also controls the type of assignment list view the user sees (see asn.read below).
asn.read - Allows user to view the assignment list. The list they see will differ depending on the asn.new permission. Those with asn.new see an ‘instructor’ list (list of all assignments, including drafts, with action links for revising, deleting). Those without asn.new see a ‘student’ list (list of open assignments, where clicking on the assignment opens it for submission).
asn.receive.notifications - Gives user the ability to receive notifications.
asn.revise - Gives user the ability to revise assignments.
asn.share.drafts - Gives the user the ability to see other instructors’ assignments in the draft state.
asn.submit - Gives user the ability to submit assignments. This includes ‘instructor’ type roles, which can submit as though they were a ‘student’ using a link on the Student View page. Without this permission, the ‘Submit as Student’ function does not appear to roles with asn.new.
Tests & Quizzes
assessment.createAssessment - Allows user to create a new assessment.
assessment.deleteAssessment.any - User can delete any assessment created by anyone.
assessment.deleteAssessment.own - User can delete assessments they created.
assessment.editAssessment.any - User can edit any assessment created by anyone.
assessment.editAssessment.own - User can edit assessments they created.
assessment.gradeAssessment.any - User can grade any assessment.
assessment.gradeAssessment.own - User can grade assessments they created.
assessment.publishAssessment.any - User can publish any assessment.
assessment.publishAssessment.own - User can publish only assessments they have created.
assessment.questionpool.copy.own - Users can make a copy of any assessment pool.
assessment.questionpool.create - User can create a question pool.
assessment.questionpool.delete.own - User can delete their own question pools.
assessment.questionpool.edit.own - User can edit question pools they have created.
assessment.submitAssessmentForGrade - User has the ability to create a submission to assessments which will be available to the grader for evaluation.
assessment.takeAssessment - User has the ability to take an assessment.
assessment.template.create - User has the ability to create a new template that can then be used to control assessment settings.
assessment.template.delete.own - User can delete templates they have created.
assessment.template.edit.own - User can edit templates they have created.
calendar.all.groups - Allows user to create events for a group or groups. With this permission, the group selection dropdown is available when creating an event, so that the event can be targeted to one or more groups rather than the entire site.
calendar.delete.any - Allows user to delete any schedule event.
calendar.delete.own - Allows users to delete schedule events which they have created.
calendar.import - Allows users to import schedule events from Outlook, Meeting Maker, or CSV files. (Import adds events without syncing; importing the same file multiple times results in multiple copies of events.)
calendar.new - Allows users to create a new schedule item.
calendar.options - Allows user to set their own calendar display options/preferences.
calendar.read - Allows users to view the schedule and to read schedule items. This permission is needed in order to see schedule events.
calendar.revise.any - Allows users to revise any event.
calendar.revise.own - Allows user to edit calendar events they have created.
calendar.subscribe - Allows a user to subscribe to a calendar.
calendar.view.audience - Allows the user to view the audience (i.e. site-wide or specific group/s) for a calendar item.
chat.delete.any - Gives the user the ability to delete any chat message, posted by any user.
chat.delete.channel - User can delete a channel (a channel equates to a chat room).
chat.delete.own - Allows user to delete their own chat messages only.
chat.new - Gives user the ability to post new messages. Required in order to view the chat message type-in field.
chat.new.channel - Allows user to create new chat rooms.
chat.read - Gives user the ability to read chat messages. Required in order to view the chat message window.
chat.revise.channel - With this permission the user can edit the channel (chat room) metadata.
commons.comment.create - Allows a user to create a comment.
commons.comment.delete.any - Allows a user to delete any comment.
commons.comment.delete.own - Allows a user to delete their own comments only.
commons.comment.read.any - Allows a user to read any comment.
commons.comment.update.any - Allows a user to update any comment.
commons.comment.update.own - Allows a user to update their own comments only.
commons.post.create - Allows a user to create a post.
commons.post.delete.any - Allows a user to delete any post.
commons.post.delete.own - Allows a user to delete their own post only.
commons.post.read.any - Allows a user to read any post.
commons.post.update.any - Allows a user to update any post.
commons.post.update.own - Allows a user to update their own posts only.
content.all.groups - Allows user to view content for all groups.
content.delete.any - Allows a user to delete any item in Resources.
content.delete.own - Allows a user to delete their own items in Resources only.
content.hidden - Allows a user to view hidden files/folders in Resources.
content.new - Allows user to upload files to Resources, or create new text, html, or URL resources.
content.read - Allows users to access the Resources area: view the list of Resources and navigate to sub-folders. There is currently no way to remove read in a sibling folder when it has been granted to the parent folder. The read permission is needed in order to see toolbar actions and anything in the Resources list.
content.revise.any - Allows user to revise files in Resources created by any user. The revise permission is needed along with delete in order to delete files.
content.revise.own - Allows user to revise just their own files.
course_site_publish_service.publish - User can publish the site.
course_site_removal_service.removal - User can unpublish the site.
dropbox.maintain - Roles granted dropbox.maintain will have read/write access to all dropboxes. They will see the entire list of dropboxes, can navigate into any dropbox, and can read and upload files there.
dropbox.maintain.own.groups - Allows users to view and filter group-based dropboxes for groups to which they belong. (Typically used for TAs who need access to view their assigned sections’ dropboxes.)
dropbox.own - Roles granted dropbox.own will have an individual dropbox and will not be able to see any other user’s dropbox.
gradebook.editAssignments - User can edit Gradebook entries to change the metadata.
gradebook.gradeAll - User can enter grades for all Gradebook entries.
gradebook.gradeSection - User can enter grades only for Gradebook entries associated with the sections they belong to.
gradebook.viewOwnGrades - User can view their grades in the Gradebook.
gradebook.viewStudentNumbers - User can view student numbers in the Gradebook.
lessonbuilder.read - User can view Lessons pages.
lessonbuilder.seeall - User can view all Lessons pages, including hidden pages or pages that are restricted to particular groups.
lessonbuilder.upd - User can create and update Lessons pages.
mail.delete.any - Allows user to delete any email message in the archive, sent by any user.
mail.new - Gives user the ability to send email to the site, which is stored in the email archive and sent on to site participants with read permission.
mail.read - Gives user the ability to view the email archive list and read emails in the list.
mailtool.admin - User can administer the Mailtool settings.
mailtool.send - User can send email via the Mailtool.
msg.emailout - Used by Private Messages. Allows user to copy external email address.
msg.permissions.allowToField.allParticipants - User can send messages to all participants in a site.
msg.permissions.allowToField.groups - User can view the group list in the "To" field.
msg.permissions.allowToField.myGroupMembers - User can view members of their own groups in the "To" field.
msg.permissions.allowToField.myGroupRoles - User can view members with the same site role in the "To" field.
msg.permissions.allowToField.roles - User can view site roles in the "To" field.
msg.permissions.allowToField.users - User can view individual site participants in the "To" field.
msg.permissions.viewHidden.groups - User can view hidden groups in the "To" field.
oauth.admin - Without this permission, the OAuth tool will not render and will send an HTTP 401 Unauthorized response.
pasystem.manage - User can create, edit, and delete banner and popup messages in the PA System.
poll.add - User can add a new poll in the Polls tool.
poll.deleteAny - User can delete any poll.
poll.deleteOwn - User can delete their own polls only.
poll.editAny - User can edit any poll.
poll.editOwn - User can edit their own polls only.
poll.vote - User can vote in a poll.
portal.chat.permitted - Allows the user to access Portal Chat.
realm.add - User can add a new realm.
realm.del - User can delete an existing realm.
realm.upd - User can update any realm.
realm.upd.own - User can update realms they have created only.
realm.view.all - User can view all realms.
roster.export - User can export the roster list (the ‘Export CSV’ button is visible to users with this permission).
roster.viewallmembers - User can see all users in the Roster list.
roster.viewhidden - User can see all participants including those who have hidden their information via a setting in the Profile tool.
rwiki.admin - User has access to the admin controls.
rwiki.create - Ability to create wiki pages.
rwiki.read - Ability to read wiki pages.
rwiki.superadmin - User can do anything anywhere in the wiki.
rwiki.update - Ability to edit wiki pages.
site.add - Allows the user to create sites. (They see the New button in their My Workspace.) This permission is set in the !user.template realms; it is not applicable in !site.template realms.
site.add.usersite - Used in the !user.template realm. Gives user the right to create their My Workspace (not applicable in the !site.template realm).
site.del - User can soft delete a site.
site.del.softly.deleted - User can delete softly deleted sites.
site.upd - Gives user the right to edit the site; users will see the Options and Permissions actions in toolbars.
site.upd.grp.mbrshp - For the Section Info tool, for roles that do not have site.upd, allows user to modify (but not create) membership in sections.
site.upd.site.mbrshp - For the Section Info tool, for roles that do not have site.upd, allows user to add and remove participants from the site.
site.viewRoster - Allows users to view the roster in Site Info. This is settable only via the Admin Realms tool when editing the !site.template (i.e., there is no Permissions page in Site Info).
site.visit - Gives user the ability to see the site tab. Without this, even though a user may be a participant of the site, they will not see the tab.
site.visit.unp - Gives user the ability to see the site when it is unpublished.
syllabus.add.item - User can add a single item to the syllabus.
syllabus.bulk.add.item - User can bulk add multiple syllabus items.
syllabus.bulk.edit.item - User can bulk edit multiple syllabus items.
syllabus.redirect - User can redirect the syllabus to a URL.
user.add - Used in the !user.template realm. Allows a user to create a new account. Could be set in the .anon and .auth role to let anyone create an account.
user.upd.own - Allows a user to revise their own user information. Used in the !user.template realm.
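
Several descriptions above state interactions between permissions: asn.new implies grading, content.delete needs content.revise, the read permission gates the Announcements, Schedule, Chat and Resources tools, user.add in .anon/.auth opens account creation, and site.add applies only in !user.template. The following added example (not part of the original documentation or of Sakai's code) audits a role's grants for those interactions; the function name, finding codes and sample roles are assumptions, as is treating either content.revise scope as sufficient for deletion.

```python
# Added example: checks a role's grants against interactions stated in the
# permission descriptions on this page. Role names and grant sets below are
# constructed sample data, not taken from a real Sakai instance.

# Tools whose description says the read permission is needed to see anything.
READ_GATES = {"annc": "annc.read", "calendar": "calendar.read",
              "chat": "chat.read", "content": "content.read"}
# Described as set in !user.template and not applicable in !site.template.
USER_TEMPLATE_ONLY = {"site.add", "site.add.usersite"}


def audit_role(realm, role, grants):
    """Return a sorted list of (code, detail) findings for one role."""
    g, out = set(grants), []
    # Any role with asn.new can grade, regardless of the asn.grade setting.
    if "asn.new" in g and "asn.grade" not in g:
        out.append(("implicit-grade", "asn.new grants grading although asn.grade is unset"))
    # Revise is needed along with delete in order to delete files.
    if any(p.startswith("content.delete.") for p in g) and \
            not any(p.startswith("content.revise.") for p in g):
        out.append(("delete-without-revise", "content.delete.* is ineffective without content.revise.*"))
    # A tool permission without the tool's read permission leaves nothing visible.
    for prefix, read in READ_GATES.items():
        others = sorted(p for p in g if p.startswith(prefix + ".") and p != read)
        if others and read not in g:
            out.append(("missing-read", f"{others[0]} granted without {read}"))
    # user.add in .anon or .auth lets anyone create an account.
    if "user.add" in g and role in (".anon", ".auth"):
        out.append(("open-registration", f"user.add in {role} lets anyone create an account"))
    if realm == "!site.template":
        for p in sorted(g & USER_TEMPLATE_ONLY):
            out.append(("wrong-realm", f"{p} is not applicable in !site.template"))
    return sorted(out)


SAMPLE_ROLES = [  # constructed
    ("!site.template", "Teaching Assistant",
     {"asn.read", "asn.new", "content.read", "content.delete.own", "chat.new", "site.add"}),
    ("!user.template", ".anon", {"user.add"}),
    ("!site.template", "Student", {"asn.read", "asn.submit", "annc.read", "content.read"}),
]

if __name__ == "__main__":
    for realm, role, grants in SAMPLE_ROLES:
        for code, detail in audit_role(realm, role, grants):
            print(f"{realm} / {role}: [{code}] {detail}")
```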