Handle school admins access to the dashboards

[marcospri]

LTI limitations

LMS users can be admins at different levels (sub accounts) of an LMS instance. The same user, in the same install can be an admin in one course but not in another.

The roles we get via LTI for this only informs us that this type of user is and admin "somewhere" but we can't scope that to a list of courses they should have access to.

Without a clear admin role admins would default to the same access level instructors have meaning that they could only see courses where they have made a launch.

Solution

We'll keep a manual list of user's email accounts provided to support in the LMS database. For users that match that email we'll give them admin access to the dashboards.

This emails/admins will be scoped to the organization level.

Open questions

• Should we automatically give admin access to LTI user that have the system level admin role? This is trivial to change, it could be even controlled by a feature flag.

Next steps outside the scope of this issue:

• Self service option for admins to include other admins.
• Assign the dashboard admin role by any other field than email.

[marcospri]

This is done as described here, admins added to the admin pages by email will have access to any entities under that organization.