What are the default realm permissions for basic roles in Sakai?

Sakai 11 OOTB comes with preconfigured realm permissions as shown below. Administrators may modify the realms on a per-role basis (exercising caution is recommended) and configure new roles with appropriate permissions.

Warning: the list of all possible realm permissions is long.

Aliases tool permissions (Admin only)

Function Description Admin
alias.add Add/create site aliases (to use instead of the long hexadecimal site ID)
X
alias.del Delete site aliases
X
alias.upd Modify site aliases
X
Function Description Admin
alias.add Add/create site aliases (to use instead of the long hexadecimal site ID)
X
alias.del Delete site aliases
X
alias.upd Modify site aliases
X
Function
Description Admin
Alias.add
Value 2
Column 1
Column 2
Value 1
Value 2

The Aliases tool realm permissions are enabled for accounts in the Admin role. These permissions should not be enabled for site roles. The Aliases realm permissions shown here are for reference only.

Function Description Admin
alias.add Add/create site aliases (to use instead of the long hexadecimal site ID)
X
alias.del Delete site aliases
X
alias.upd Modify site aliases
X

Announcements tool permissions

Function Description Instructor / maintain Teaching Assistant Student / access
annc.all.groups Access all announcements
X
 
 
annc.delete.any Delete all announcements
X
 
 
annc.delete.own Delete own announcements
X
X
 
annc.new Create new announcements
X
X
 
annc.read Read posted announcements
X
X
X
annc.read.drafts Read draft announcements
X
X
 
annc.revise.any Revise all announcements
X
 
 
annc.revise.own Revise own announcements
X
X
 

Assignments tool permissions

Function Description Instructor / maintain Teaching Assistant Student / access
asn.all.groups Access all group-scoped assignments
X
 
 
asn.delete Delete assignments
X
 
 
asn.grade Grade assignment submissions
X
 
 
asn.new Create new assignments
X
 
 
asn.read View assignments
X
X
X
asn.receive.notifications Receive assignment notifications
X
 
 
asn.revise Edit assignments
X
 
 
asn.share.drafts Enables the ability to view draft assignments created by others
 
 
asn.submit Submit assignments
X
 
X

Assessment (Tests & Quizzes) tool permissions

Function Description Instructor / maintain Teaching Assistant Student / access
assessment.createAssessment Create new assessments
X
 
 
assessment.deleteAssessment.any Delete any/all assessments
X
 
 
assessment.deleteAssessment.own Delete own assessment
X
 
 
assessment.editAssessment.any Edit any/all working copy* assessments
X
 
 
assessment.editAssessment.own Edit own working copy* assessment
X
 
 
assessment.gradeAssessment.any Grade any/all assessments
X
X
 
assessment.gradeAssessment.own Grade own assessments
X
X
 
assessment.publishAssessment.any Publish any/all assessments
X
 
 
assessment.publishAssessment.own Publish own assessments
X
 
 
assessment.questionpool.copy.own Copy own question pool
X
 
 
assessment.questionpool.create Create a question pool
X
 
 
assessment.questionpool.delete.own Delete own question pool
X
 
 
assessment.questionpool.edit.own Edit own question pool
X
 
 
assessment.submitAssessmentForGrade Submit an assessment
 
 
X
assessment.takeAssessment Take an assessment
 
 
X
assessment.template.create Create an assessment template
X
 
 
assessment.template.delete.own Delete an assessment template
X
 
 
assessment.template.edit.own Edit an assessment template
X
 
 

* In order to edit published versions of exams with submissions, an admin must set this site property in the Sites tool as follows:

samigo.editPubAssessment.restricted=false

Calendar tool permissions

Function Description Instructor / maintain Teaching Assistant Student / access
calendar.all.groups Access/create group events
X
 
 
calendar.delete.any Delete any events
X
 
 
calendar.delete.own Delete own events
X
 
 
calendar.import Import events in .ics or .cal format
X
 
 
calendar.new Create new events
X
 
 
calendar.options Change calendar options
X
X
X
calendar.read View events
X
X
X
calendar.revise.any Edit any events
X
 
 
calendar.revise.own Edit your own events
X
 
 
calendar.subscribe Subscribe to a site calendar
X
 
 
calendar.view.audience Veiw the target audience of an event
X
 
 

Chat tool permissions

Function Description Instructor / maintain Teaching Assistant Student / access
chat.delete.any Delete any chat messages
X
 
 
chat.delete.channel Delete a chat channel/rooms
X
 
 
chat.delete.own Delete own chat messages
X
 
 
chat.new Post chat messages
X
X
X
chat.new.channel Create chat channels/rooms
X
 
 
chat.read Read chat messages
X
X
X
chat.revise.channel Edit chat channels/rooms
X
 
 

Content (Resources) permissions

Function Description Instructor / maintain Teaching Assistant Student / access
content.all.groups Access/view all group-scoped content
X
 
 
content.delete.any Delete any content
X
 
 
content.delete.own Delete own content
X
 
 
content.hidden Access/view hidden content
X
X
 
content.new Add new content
X
 
 
content.read View (unhidden) content - must be enabled in order to access attachments in other tools, as well
X
X
X
content.revise.any Edit any content
X
 
 
content.revise.own Edit own content
X
 
 

Course_site_publish_service (Admin only)

The course_site_publish_service realm permissions are enabled for accounts in the Admin role. These permissions should not be enabled for site roles. Permissions shown here are for reference only.

Function Description Version Introduced Admin
course_site_publish_service.publish admin permission for publishing existing course sites prior to new term (also see associated sakai.properties) 11.0
X
course_site_publish_service.removal admin permission for unpublishing course sites after a term ends (also see associated sakai.properties) 11.0
X

Dropbox tool permissions

Function Description Instructor / maintain Teaching Assistant Student / access
dropbox.maintain Access/view all dropbox folders
X
 
 
dropbox.maintain.own.groups Access/view own group-scoped dropboxes
X
X
 
dropbox.own Access/manage own dropbox folder
X
X
X

Gradebook tool permissions

Function Description Instructor / maintain Teaching Assistant Student / access
gradebook.editAssignments Edit gradebook items
X
 
 
gradebook.gradeAll Grade all gradebook items
X
 
 
gradebook.gradeSection Grade items in assigned section
X
 
gradebook.viewOwnGrades View one's own grades
X
X

Lessons tool permissions

Function Description Instructor / maintain Teaching Assistant Student / access
lessonbuilder.read Access/view lessons content
X
X
X
lessonbuilder.seeall Access/view all lessons content
X
 
 
lessonbuilder.upd Revise lessons content
X
 
 

Mail (Email Archive) tool permissions

Function Description Instructor / maintain Teaching Assistant Student / access
mail.delete.any Delete Email Archive messages
X
 
 
mail.new Send Email Archive messages
X
 
 
mail.read Access/view Email Archive messages
X
X
X

Mailtool (Email) tool permissions

Function Description Instructor / maintain Teaching Assistant Student / access
mailtool.admin Manage the Email tool
X
X
 
mailtool.send Send messages using the Email tool
X
X
X

Messages tool permissions

Function Description Instructor / maintain Teaching Assistant Student / access
msg.emailout Enable/disable Messages delivery to primary email accounts
X
 
 
msg.permissions.allowToField.allParticipants Show/select All Participants in To: list
X
X
X
msg.permissions.allowToField.groups Show/select all groups in To: list
X
X
X
msg.permissions.allowToField.myGroupMembers Show/select group members of which you're a member in To: list
X
X
X
msg.permissions.allowToField.myGroups Show/select groups of which you're a member in the To: list
X
X
X
msg.permissions.allowToField.roles Show/select recipients by role in the To: list
X
X
X
msg.permissions.allowToField.users Show/select individuals in the To: list
X
X
X
msg.permissions.viewHidden.groups Show/select hidden groups in the To: list
X
 
 

Oauth permissions

The oauth.admin realm permission is enabled for accounts in the Admin role. This permission should not be enabled for site roles. The realm permissions shown here are for reference only.

Function Description Version Introduced Admin
oauth.admin ??? NEED A DESCRIPTION ???
11.0
X

PA (Public Address) System permissions

The PA System was introduced in Sakai 11.0. The pasystem.manage realm permission is enabled for accounts in the Admin role. This permissions should not be enabled for site roles. The realm permissions shown here are for reference only.

Function Description Version Introduced Admin
pasystem.manage Grants admin access to the PA System tool in Administration Workspace?
11.0
X

Polls tool permissions

Function Description Instructor / maintain Teaching Assistant Student / access
poll.add Create new polls
X
 
 
poll.deleteAny Delete any poll
X
 
 
poll.deleteOwn Delete own polls
X
 
 
poll.editAny Edit any poll
X
 
 
poll.editOwn Edit own poll
X
 
 
poll.vote Vote on a poll
X
X
X

Portal Chat permissions

Function Description Instructor / maintain Teaching Assistant Student / access
portal.chat.permitted Enable for roles to allow portal chats only if sakai.property portal.chat.securedByUser=true
 
 
 

Preferences tool permissions

The Preferences tool realm permissions are enabled in the !user.template.x realms for the .auth role ONLY. These permissions should not be enabled for roles at the site level, e.g., !site.template.course or !site.template.project.

Function Description Instructor / maintain Teaching Assistant Student / access
prefs.add Add preferences
 
 
 
prefs.del Delete preferences
 
 
 
prefs.upd Update preferences
 
 
 

Realms tool permissions