The permissions model used in the Instructional Support application is meant to support a wide variety of possible working arrangements. Each person may be granted specific permissions to an admin unit, which continue indefinitely, or to an offering, which are effective only in the term of the offering.
Admin Units are organized into a directed acyclic graph (DAG), where “inner” units inherit permissions from “outer” units. Much of the graph is automatically maintained:
- Each Group (as defined in Quest) has an admin unit;
- Each Unit (as defined in Quest) has an admin unit;
- Each Course (as defined in Quest) has an admin unit;
- Heldwith course combinations each have an admin unit;
- Admin units corresponding to specific instructors teaching a course or set of heldwith courses are semi-automatically maintained.
Within the above list, admin units early in the list contain the appropriate admin units further down the list. The exact definition of the automatic containments is in the view teaching_admin_contains_auto. The complete set of containments is recorded in the table teaching_admin_contains. Containments with contains_manual set to FALSE are automatically maintained based on the above-noted view and will change at the next automatic update run after a change in the view. Containments with contains_manual set to TRUE are maintained manually. Due to the low volume of updates, this is done using direct SQL by CSCF.
Additional “ad hoc” admin units can be created by hand, and manually included in the DAG structure. Permissions granted on the ad hoc admin unit will then allow the affected staff to work with all admin units contained below the ad hoc unit. This is convenient if there is a set of courses managed by a distinct group of people, but the set is not all the courses run by an academic unit.
Permissions should be granted at the Group and Unit levels if there are people with overall responsibility for courses with a Group or Unit.