About roles and permissions

Use Roles and Permissions to set what functionality is available to different users. Permissions correspond to tools in Brightspace Learning Environment and D2L products, for example, the ability to create discussion topics or edit an org unit’s navbar. You assign permissions to roles and then assign roles to users for specific org units. When a user accesses an org unit, they have access to the features set up for their role in that org unit.

Use Roles and Permissions to do any of the following:

  • Create, define, change, delete, and copy user roles.
  • Set user permissions around roles.
  • Import and export permissions.

 

Role permissions versus configuration variables

Role permissions are not the same as configuration variables; however, the two objects share a relationship in Brightspace Learning Environment. When you set a configuration variable, you are configuring specific functionality in Brightspace Learning Environment. When you set role permissions, you are configuring what aspects of that functionality are available to the role. For example, you can set the configuration variable that allows locker file sharing in your Brightspace Learning Environment. As a security measure, you can choose to disable locker file sharing for the guest role.

Roles and Permissions terminology

Term

Description

Org units

Org units define the structure of an organization. By default, Brightspace Learning Environment contains org unit types for course offerings, course templates, departments, semesters, and the organization. You can define custom types to match your organization’s structure, such as consortium, college, community of practice, cohort, etc.

Role

A role is a mechanism for storing a set of permissions. Assigning permissions to a role dictates what users in that role are able to see and do in the system. You can create any number of roles for your organization and enroll individual users in different roles for different org units.

Cascading roles

If a role is cascading, a user enrolled in any org unit in that role is automatically enrolled in all other org units beneath it. For example, if you enroll a user in the science department in a cascading role, the user is automatically enrolled in all course templates, course offerings, and groups and sections under that department. Cascading roles are normally used for site administration.

User enrollment

You assign permissions to a user for a specific org unit by enrolling the user in that org unit in a specific role.

Role properties terminology

Field Description

General

Name

The name of the role.

Description

A short description of the role. The description is visible on the Role List page.

Cascading

When enabled, users in this role automatically have access to all org units beneath the one in which they are enrolled.

Primary Facilitator When enabled, users with this role are primary facilitators of the course.

Role Alias

The alias for the role.

Tool Behavior Options

Appear on Attendance Registers

Controls whether users in this role can appear on attendance registers.

Can have content statistics, feedback, and SCORM reports

Controls whether you keep statistics for, give feedback to, and include in SCORM reports for users in this role.

Can be assessed

Controls whether users in this role can be assessed in the Discussions tool.

Appear in Discussion statistics

Controls whether statistics are kept for users in this role in the Discussions tool.

Can be graded in Grades

Controls whether grades can be assigned to this role.

Can self-enroll in Groups

Controls whether users in this role can self-enroll in groups set up for self-enrollment.

Can register for a course

Controls whether users in this role can register in courses.

Can have Class Progress

Controls whether Class Progress information is recorded for users in this role.

Classlist Display Options

Display users enrolled as this role in classlist

Controls whether users in this role appear in Classlist.

Classlist Role Alias

The name of the role as it appears in Classlist.

Display this role in the classlist

Controls whether the role name appears in Classlist.

Appear on Seating Charts

Controls whether the role name appears in Seating Chart.

Course Access Options

Access inactive courses

Controls whether users in this role can access inactive courses.

Access past courses

Controls whether users in this role can access course offerings after the end date specified on the Course Offering Information page.

Notes:

  • Roles without this option can still see past course offerings listed in the My Courses widget if the d2l.Security.BypassDateCheck configuration variable is enabled.
  • This option only applies if the d2l.Security.HasOrgUnitDateRestrictions configuration variable is enabled.

Access future courses

Controls whether users in this role can access course offerings prior to the start date specified on the Course Offering Information page.

Notes:

  • Roles without this option can still see past course offerings listed in the My Courses widget if the d2l.Security.BypassDateCheck configuration variable is enabled.
  • This option only applies if the d2l.Security.HasOrgUnitDateRestrictions configuration variable is enabled.

Sections

You can give users access to all sections within a course offering (not required for cascading roles, which are automatically enrolled in all sections).

Alternately, you can make it possible for users in this role to auto-enroll in sections or you can exclude users in this role when sections are automatically created in a course offering. Users leading a course can still manually add these users to sections.

Groups

You can give users in this role access to all groups within a course offering (not required for cascading roles, which are automatically enrolled in all groups).

Alternately, you can make it possible for users in this role to auto-enroll in groups or you can exclude users in this role when groups are automatically created in a course offering. Users can still be added manually these users to groups.

Role interactions terminology

When creating a new role, you will be prompted to define how other roles interact with this role in Brightspace Learning Environment. You must have the Manage Role Permissions permission (in Security) assigned to create or copy a role.

Permission

Description

Search For

Select which roles can search for members of this role in the Manage Users tool.

Impersonate

Select which roles can impersonate users with this role.

Enroll

Select which roles can enroll this role in an org unit.

Switch to

Select which roles can role switch to this role to view content as this role does.

See External Email Address

Select which roles can see the external email addresses for members of this role.

See Internal Email Address

Select which roles can see the internal email addresses for members of this role.

Make Brightspace ePortfolio Content Available to

Select which roles can provide Brightspace ePortfolio content to members of this role.