Who sees what? You can decide.
Permissions allow individual users, types of users, and groups to do certain things with your items, such as read, write, or remove. Use permissions to control who can see and change your files and folders. Similarly, instructors may use permissions to control the content that students or other course participants can see and edit.
What are permissions?
After content is added to the Content Collection, permissions must be granted to make the content accessible to users and groups of users. Permissions allow users to perform certain actions on items in the Content Collection, that range from read-only access, to editing, managing and removing content. You can configure permissions for individual files or for entire folders and all of the folder contents. Permissions may behave in combination so it's important to understand what each level of access means.
If you link to your items outside of the Content Collection, be sure to grant permission to the appropriate users so the links work. Without permission to view the item, users see an Access Denied message if they follow a link to the item in a course or portfolio.
Types of permissions
Content Collection permissions:
- Read: Users can view files or folders.
- Write: Users can make changes to files and folders.
- Remove: Users can remove files from the folder or the folder itself.
- Manage: Users can control the properties and settings of files and folders.
When users search for files or folders or attempts to manipulate files or folders—for example, using copy, move or remove—they can only view and alter content based on the existing permissions. For example, if users search for an item that they don't have Read permission to, the item won't appear in the search results.
Default permissions
Some users have default permissions to specific folders. In this case, various permissions are automatically granted to specific folders.
- User folders: These folders appear under My Content in the Content Collection menu. Users have Read, Write, Remove, and Manage permissions for their user folders. The administrator determines the availability of these folders on a system-wide basis.
- Course folders: These folders appear under the Courses area on the Content Collection menu and are used to store content for specific courses. Instructors, Teaching Assistants, and Course Builders have Read, Write, Remove, and Manage permissions for the folders for their courses. The course folder is created automatically the first time one of these users accesses the Content Collection. Other course users, such as students, who are enrolled in a course don't see this folder because it's intended to be a workspace for course developers. Students must have read permissions to access a course folder. Organization user folders function in the same way as course folders.
- Institution and Library Content folders: All users with system accounts have read permission to these folders.
- Course folders within eReserves: All users enrolled in a course have read permissions to the specific course folder in eReserves.
Grant and receive permissions
Any user with Read and Manage permission on a file or folder may grant permissions to other users and user lists.
Users and groups of users may be granted one or more permissions. For example, Read permission for an item may be granted to an entire course list. The owner may grant additional permissions to single users within the course list. Permissions may be edited for subfolders and files within a folder.
Manage permissions
User access to a file or folder is controlled through the Manage Permissions page. You can grant permissions for users individually, in groups, or by role.
When permissions are granted on a folder, they apply to all subfolders and files within the folder.
Organize folders
Users can organize folders in a way that allows them to manage permissions by folder, rather than by file. For example, create a folder that contains all files used in a group project. Then, the entire folder may be shared with the group members, rather than trying to manage permissions on separate items stored in different folders.
Only read permission should be added to a top-level folder, for example, the username folder. Any time a permission is added or changed on the top-level folder, check any subfolders or files designated as private and verify that additional permissions haven't inadvertently been added that might expose protected information.
Sharing folders
When users add folders and files to the Content Collection, they need to keep in mind which users and user lists the content will be shared with. Try to create folders for all items that are to be shared with the same users. When items shared with the same users are spread out among different folders, it may become difficult to manage. For example, if users create documents that are applicable to all users at the institution, they can create a folder to share with all system users, then add the specific items to this folder.
Sharing files
Files are available automatically to the user that added the file but must be shared if other users are to view the item.
Files inherit permissions from the folder they reside in. If a file is added to a folder that already has read and write permission for certain users or user lists, those same users will also have read and write permission on the newly added file.
Overwrite option on folders
When users add or edit permissions on a parent folder, they have the option to force all files and subfolders to inherit these permissions. For example, if the read and write permissions are added to the folder, and an item within the folder has read, write, and remove permissions, remove permissions are removed from the file. All subfolders and files within the parent folder are granted read and write permissions.
If this option isn't selected, the files and subfolders are automatically granted any additional permission given to the parent folder, but existing permissions aren't removed. For example, if read, write and manage permissions are added to the folder, and an item within the folder has read, write, and remove permissions, the permissions for the file remain read, write, and remove, and manage is added.
After users edit permissions on a folder, users may edit the permissions on an item, but the permissions are overwritten the next time permissions on the parent folder are changed. We recommend users store items with the same purpose and audience in a single folder. Then, users can manage permissions easily.
