Mark,
We use Blackboard 6 Basic edition and I have been able to disable the privilege for Instructors to change users passwords. With Basic you can simply allow or disallow various privileges globally, you cannot however specify which roles can be allowed or disallowed access.
The privilege that you need to disallow is the as follows:
2 User Privileges for Course or Organization
Change User Password
I also disallowed Modify user properties and Change User's Role in Course Organization as I determined it could be a possible security risk as instructors could change a users access level to instructor giving them full access to the course control panel. This could occur if a student on the course in question had the same name as a member of staff within that course team.
Once you disallow or disable the Change user password privilege only system administrators can change user passwords via system admin tab and list modify user.
Hope this helps
Anthony Doyle
E-Learning Technologist
Middlesbrough College
-----Original Message-----
From: Mark Gamble [mailto:[log in to unmask]]
Sent: Wed 26/11/2003 13:29
To: [log in to unmask]
Cc:
Subject: Instructor can change password
This is specifically addressed to users of Bb6 Basic.
Has anyone else noticed that Instructors can change the password of any
other User on their Course Site?
With the Basic license, you do not have access to setting privileges by
role. If you go to: ADMINISTRATION PANEL > USER PRIVILEGES > MODIFY
PRIVILEGE, you will notice the following statement: "Set privileges by role
requires Enterprise license."
How can it be acceptable to allow any Instructor to change any other User's
password? Unless I have missed something very obvious, I regard this as a
very doubtful policy indeed, since it represents an enormous potential for
abuse. Surely it is a basic tenet that with any system the only person able
to modify personal information, especially passwords, is the individual
concerned? Quite apart from any moral issue here, is this not a direct
contravention of the Data Protection Act in the UK? I am not as informed on
similar legislation in the US, but surely there is something similar in most
other countries. Even if there is some reason why it is impossible to allow
users of the Basic system to change this setting, surely the default should
have been set to 'Off'. Any Instructor should NOT be able to change any
other User's password.
Am I missing something?
--
Mark Gamble
Head of Learning Technology Support
University of Luton, Park Square, Luton, LU1 3JU
Tel (+44)1582 489260 Fax (+44)1582 489259 Mob 07720 068605
|
