Can we allow Act As to be delegated at Sub Account Levels and not just Global Account admin?
@apaglione No, the User - Act As permission is handled at the root account level and can only be granted at the root level of your Canvas instance.
If you do enable it, be extremely careful as it can allow users to gain access to subaccounts that they won't normally have access to. This may violate your institution's policies. Hope this helps!
Hi @apaglione,
I just to expand on @melodyc_lam's reply a bit, as I know this is a feature that's been asked about quite a bit over the years...
On one hand, I totally understand the desire to limit root account admin access as much as possible, which this could help.
On the other hand, when thinking about hot it could/would work, things can get very complicated very quickly in the varied scenarios that happen often in Canvas. For example, users are often enrolled in courses belonging to different subaccounts (which is why all uses really live in the root Canvas account. if subaccount A admin acts as a user who has an enrollment in subaccount A, would they get to see the other courses the user is enrolled in for subaccount B and C as well? From a strict access perspective, the answer would probably be "no", but to truly get the user's identical experience for support issues, the answer would have to be "yes".
It could be argued that root admins could have some option checkboxes to set and control some of the above behavior as they want to, but that would likely also complicate the codebase very quickly, which I'm sure Instructure wants to avoid.
Depending on the size of your school, the approach we use may work for you, as it's somewhat a blend of functionality and security. We give our subaccount admins their "normal" permissions at the subaccount level. In addition, we created a custom admin role with just a few permissions, including acting as users, and enroll our subaccount admins with that role in the root account. This may get unwieldy for larger schools/institutions, but it does work for us and it does help make it explicitly clear to everyone the permissions we're giving to each admins and at what level those permissions come in at.
So the bottom line right now is exactly what Melody said... At this time, this can't be done at the subaccount level. That could change in the future though, and there are some workarounds like the one I mentioned that may help.
I hope this extra info helps make things slightly clearer for you.
-Chris
The Non Credit side of our institution has users self enroll in their course, they want us to run a script daily that ends any new enrollments access after 30 days. I found this end point for user enrollment end time, but in my testing, the user still had access despite their enrollment being past the end date. Do the…
I am a Canvas administrator for a series of courses for my institution. I pull a weekly attendance report for students across all classes in our catalogue. This week, I am encountering an error message when attempting to access the roll call attendance report function ("We're sorry, but something went wrong"). Switching…
Hi everyone, We’ve recently received a couple of reports from faculty about a sudden influx of emails from Studio Support indicating that “automated captions are ready to view”, but for videos that are quite old and haven’t been updated recently. These faculty are reporting 5 or more of these emails today so far. In at…
My team is currently going through the different LTIs/APIs we have installed in our Canvas instance and making sure we have a full list of what permissions each one has, what information it gives/receives, etc. However, the list of LTIs/APIs is contradictory - the new Apps page has a Monitor tab which lists launches of…
Has anyone else had issues with an influx of duplicate users in Canvas? Ours is currently in the form of an email that already exists, becoming a new user - and not automatically merging with the user ID with the same email that also is linked to our SIS ID correctly as well. For example, user 1 is xyz@gmail.com without a…
