Role-based access control

Roles determine what a user can and can't do within Blackboard Learn. Administrators use roles to group privileges into sets that can be assigned to user accounts. Every user associated with a role has all of the privileges included in the role.

When a user account is assigned multiple roles, the user receives all of the privileges included in all of the roles. For example, a user is assigned a role that doesn't include access to the course Control Panel. However, the user is also assigned a role that does include access to the Control Panel. The user receives the privilege, even though it was excluded from one of the assigned roles.

About standard roles

When Blackboard Learn is installed, several standard roles are created. Administrators can edit these standard roles.

  • System Roles: System roles control the administrative privileges assigned to a user. This enables administrators to share administrative privileges and functions with other users in Blackboard Learn. 
  • Course and Organization Roles: Course and organization roles control access to the content and tools within a course or organization. Each user is assigned a role for each course or organization in which they participate. For example, a user with a role of Teaching Assistant in one course can have a role of Student in another course. Instructors can use these roles to delegate some of the responsibility for maintaining the course. 
  • Institution Roles: Institution roles control what brands, tabs, and modules users see when they log in to Blackboard Learn. Institution roles also grant or deny access to Content Collection files and folders. All licenses have a limited default set of Institution roles. 

More on roles and privileges

About custom roles

Administrators can create custom roles by copying an existing role and editing its properties and privileges. You can also create a new, blank role and add privileges to it.

User privileges

Each role is mapped by default to a base level of privileges. Administrators may finely customize the power each role may have. There are hundreds of privileges available and administrators are able to see all available privileges and the roles for which those privileges are permitted. Each privilege lists the role types and role IDs that have the privilege.

Manage Privileges

The Privileges page allows administrators to see all available privileges and the roles for which those privileges are permitted. Each privilege lists the role types and role IDs that have the privilege.

Search for privileges

  1. Go to Administrator Panel > Privileges.
  2. In the Search box, type the search terms.
  3. Select whether your search terms apply to Privileges, System Roles, or Course Roles.
  4. Select Go.

Manage privileges

In the list of results, select a Role ID to manage its privileges. You're brought to the role's Manage Privileges page, where you can permit or restrict privileges.

Evaluate whether privileges are appropriate

Review the privileges granted to various roles, and determine whether they are necessary. This supports the security principle of least privilege. One example is whether the assigned roles require the privilege of Add/Edit trusted content with scripts. This allows assigned users the ability to enter dynamic content into the system whether they are malicious or not.

Authoring advanced HTML content

Safe HTML is only applicable to users who do not have the Add/Modify Trusted Content privilege (also called the Add/Edit Trusted Content With Scripts privilege, depending on the version of Blackboard Learn you are running). Users with this privilege can enter unrestricted/trusted HTML, meaning they are not bound to the Safe HTML rules. By default, Blackboard Learn gives this privilege to administrators, course builders, graders, instructors, and teaching assistants. All other roles don't have this privilege by default, but it can be added on an as-needed basis.

Fine-grained guest and anonymous access

Guests and observers are available in the Original Experience only.

You can control whether or not the guest and observer roles have access to your course. There are multiple levels in the application that have guest access. For example, there is guest access to the system, to courses, and to organizations. For guests and observers, availability of course tools can be configured at a fine-grained level.

Guests in a course can include guest lecturers, potential students, or other users who are not directly participating in your course.

Observers are typically assigned to follow specific users in Blackboard Learn without interacting with the system. Observers are able to view the course and track student progress. Also, you can communicate Early Warning System notifications to observers as well as students, or just to the observers of a student.