Permissions settings

Permissions- Introduction

The permissions system regulates access to ILIAS, its functions, and the set contents. Permissions are not assigned to individual users but always to roles. The permissions of a user result from the sum of the roles a user holds.
The principle of permissions inheritance applies when creating new objects: the permissions of a role are automatically transferred to all sub-areas until the rights inheritance is interrupted. This happens, e.g., automatically by courses or groups (here, the local roles of course member, course tutor, and course administrator or group member and group administrator are created) or manually by activating the local access control.

In the tab Permissions of the respective object, you can see the exact permissions settings and determine the permissions of a certain user. You can also view the object's owner and change it if necessary. The permissions are usually set, so you do not need to make any changes to use the objects as intended. In some contexts, you may need to change permissions:

  • You want to give extended permissions to all users of a certain role (e.g., course members) in an existing object: see Changing Permissions to an Existing Object.
  • You want to give all users of a certain role extended permissions for certain objects created in the future: see Change permissions on future objects.
  • You want to give extended permissions to selected users (not all users of a certain role): see Give more rights to selected users.

Changing permissions to an existing object

You want to change the permissions to an existing object for all owners of a certain role.

  1. Open the Permissions tab in the corresponding object.
  2. ILIAS opens the sub-tab Permissions settings.
  3. In the column of the desired role, find the right you want to change.
    Move the mouse over the corresponding entry to get more information about the role or the right.
    If you do not see the role you are looking for, select Show all roles in the current context in the Role filter and click Apply filter.
  4. To assign the right, activate the checkbox in front of the right - to remove the right from the role, deactivate the checkbox.
  5. Finally, to confirm the changes to the permissions settings, click Save.

ILIAS changes the permissions of the object accordingly.

  • Be careful with container objects: if you give course members the right to create their objects here, this does not always mean that they can be used in a meaningful way (e.g., folders). For this purpose, it may be necessary to adjust the permissions settings.

Note: If the checkboxes cannot be activated or deactivated, the permissions of this role are protected from a higher level. A change can then only be made by administrators with more extensive powers.

Changing permissions to future objects

You want to give advanced permissions to all users of a role for objects that will be created in a certain area in the future.

Example: Your course members should be allowed to create their folders in a group and files in them. A simple change of permissions is insufficient, as they will only be able to create files in the group but not in the new folders. For this purpose, changes in the permissions settings are necessary.

  1. Open the tab Permissions in the corresponding area (category, course, group or folder).
  2. ILIAS opens the sub-tab Permissions settings.
  3. Click on the role title of the role whose permissions you want to change. If the role title is not clickable, you must activate the local access control so that the new permissions take effect from this level.
  4. ILIAS opens the permissions preferences.
  5. To define what the users of the role are allowed to do, deactivate or activate the desired options for each object type.
  6. If you also want to change the permissions of existing objects, select the checkbox Change existing objects for each object type at the end of the page.
  7. Finally, click Save to change the permissions.

Note: If you omit step 6, the permissions adjustment will only affect objects created after changing permissions. Also, the role's permissions in the currently opened object will not be changed.

Activate local access control.

To change the permissions of a role in a specific area (category, course, group or folder), the permissions inheritance of a role in this area must be interrupted. You need to enable local access control if this is not done automatically (you can tell if the role title is clickable).

  1. Go to the area from which the changes of the permissions of a role should take effect.
  2. Open the Permissions tab there. In the column of the desired role, activate the top checkbox Local access control and click Save. If you do not see the role you are looking for, select the option Show all roles in the current context in the Role filter and click Apply filter.
  3. ILIAS now interrupts the inheritance of permissions from the parent so that you can redefine access permissions from this position. The title of the role now becomes clickable.
  4. Clicking on the role title will take you to the permissions preferences, where you can define what the users of this role are allowed to do for each object type. For more detailed information, please follow the instructions for changing the permissions of future objects.

Giving more permissions to selected users

If the default roles are not enough for you, for example, because you only want to give additional permissions to certain people, you can create a new local role. As with all other roles, you can specifically define the permissions of this local role and assign users who should receive these permissions.

  1. Open the Permissions tab in the corresponding object.
  2. ILIAS opens the Permissions ts settings sub-tab.
  3. Click the Create new local role button at the top of the page.
  4. Give the role a short, concise title and optionally add a description of the role.
  5. Decide whether the new role should take over the permissions of an existing role (recommended) or not.
  6. Under the Copy permissions setting, select the checkbox of the role template or role whose permissions you want to take over. To adopt these permissions for existing objects and their contents and subobjects, activate the Change existing objects checkbox at the bottom of the page.
  7. Finally, click Create a new role.
  8. ILIAS creates the new role according to the defined settings and displays it on the Permissions Settings page.
  9. Check the permissions and adjust them if necessary (see Changing permissions on an existing object).
  10. Now assign the users who are to receive the corresponding permissions. To do this, follow the instructions for Entering users in a role.

Entering users into a role

You want to enter users into a local role to get the role's permissions. This step is only possible when the local role is created. If you have created the role in a course or group, you can add users to this new role in the Members area (it will then be offered as a selection next to the Users input field). Otherwise, follow these instructions:

  1. Open the Permissions tab on the object where the local role was created. If the name of the local role is not clickable, you are in the wrong object. Hover over the name of the local role to see which object the role was created on.
  2. Click on the name of the local role where you want to add the users.
  3. ILIAS opens the permission settings of this local role.
  4. Switch to the User Assignment tab.
  5. Enter the user name of a user in the User input field. Depending on the platform settings, a list of matching users will be displayed after you enter a few letters.
  6. Click on the Add button.
  7. ILIAS has added the user to the role and displays it in the assigned user table.

Note: In step 5, you can use the Search Users button. Here ILIAS also allows you to add multiple users from another role, group, or course.

Blocking access to a role

You want one or more roles to be unable to see and access the current object. This includes all child objects for container objects (course, group, folder, category).

  1. Open the tab Permissions in the corresponding object.
  2. ILIAS opens the sub-tab Permissions settings.
  3. If you do not see the roles you are looking for, select Show all roles in the current context in the Role filter and click Apply filter.
  4. In the column of the desired role, select the Lock role checkbox. You cannot lock the role if you are in the object where the role was created.
  5. Click the Save button.
  6. ILIAS shows you a warning message and informs you about the consequences of this step.
  7. Click on the Lock role button.
  8. ILIAS has locked the role, removing all its permissions to this object and possible subobjects.

Apply a didactic template.

You want to apply a didactic template to the current object. This allows you to change the object's access permissions and usage options with just a few clicks.
Note: This option is only offered if there is currently a didactic template for this object type.

  1. If available, ILIAS will show you the currently applied didactic template on the Permissions Settings page.
  2. Select the desired template from the drop-down menu. The default is always the basic setting without changes by a template.
  3. Finally, click the Change button next to it to apply the permissions settings of the template.

Who has which permissions here?

Determining the permissions of a user

You want to know the permissions a specific user has in the object. You know the user name of this person.

  1. In the Permissions tab, open the "Who has what permissions here?" Sub-tab.
  2. Enter the person's user name into the input field and click on the button Show permissions of this user.
  3. ILIAS will give you the following information about this person:
  • the full name of the user;
  • the influential roles this user has at this point (for courses and groups, it is also shown here whether the person is a member);
  • the status information - i.e., whether the object is accessible or not;
  • all possible permissions that the user has here;
  • by which role the respective right is granted.

Note: Based on the information displayed, you can also determine if the user needs to be assigned to another role or if the permissions of his current role need to be adjusted.

Owner

Changing the owner of the object

You want to change the current owner of the object. When you do this, all basic permissions to the object (except the right to manage permissions and learning progress) are transferred from the old owner to the new owner. The owner is always displayed in the Info tab of the object.

  1. In the Permissions tab, open the Owner sub-tab.
  2. Enter the user name of the new owner. (Use the user name, not the usual first and last name).
  3. To make the change, click Change owner.
  4. ILIAS will change the owner.

Note: The permissions automatically assigned to an owner are the only rights directly attached to the person, not to a role. These rights also cannot be restricted while someone is the owner of an object.