Forums | Mahara Community

Support /
Why don't administrators have direct access to all pages?


23 August 2022, 22:02

We find that we are using the option 'log in as user XXX' a lot when we are already logged in as administrator. This is needed because administrators for example have no direct access to pages of other users. So if someone needs help and sends us the URL, we almost always have to use the 'log in as user' option.

Administrators have access to all pages using the 'log in as' option. So why not give them immediate access to all pages using the administrator account anyways?

It would save a lot of support time.

 

Kristina Hoeppner's profile picture
Posts: 4717

25 August 2022, 8:10

Hi Richard,

Mahara was conceived as personal learning environment putting the learner into the centre and giving them a space where they can collect and aggregate learning evidence that is important to them.  Sometimes that may be of a very personal nature or confidential information may be stored in reflections and such.

I was not there at the start of the conversations around the design of the software, but imagine that to allow for privacy and to assure learners that it's not easy as just clicking a link for an administrator to access portfolios, the step of masquerading was introduced. I always like to compare the space when talking about this to a laptop / phone etc.: A college administrator does not have direct access to a student's laptop and can nose around the files on it, but they either need to start a remote desktop session or ask the student to bring the laptop in if there are any problems with it, thus making the student aware of the fact that at that point an administrator has access. Whereas if you use a learning management system, you don't need to masquerade as a student to see what they've uploaded into an assignment. For me that's like being in a classroom and entering that through a door. The students in the classroom are already in a semi-public space with others, but an admin still only has access to what a student is writing once the test or assignment leaves the student's hands or computer.

Per default, students are not alerted to any masquerading of an administrator. However, there is the possibility to make the masquerading action more transparent, which might be beneficial for GDPR and other data privacy purposes by requiring that the administrator provide a reason for the masquerading and that learners are informed about the masquerading. By providing a reason, masquerading sessions can be audited to a degree if you log those (enable that in the 'Logging settings').

Thank you

Kristina

26 August 2022, 20:38

I understand these reasons from a learner's point of view. And I even agree with them.

But, IT administrators have always had access to other peoples data. They have access to every file on a shared drive. They have access to every mailbox, even the mailbox of the president. That's why, most of the times, you will sign a non disclosure agreement and are reviewed yearly on your work, specifically on this point.

What you also need to keep in mind is that administrators are doing their jobs. They don't care about the data, they care about the system. The way it is set up now, feels like a doctor that needs to explain every time why a patient needs to undress. It has nothing to do with the patient itself, it's just his job.

As an administrator it even feels more wrong to masquerade as a person then to just be yourself, do your job. Fix that presidents mailbox without looking at the mail. Help that student upload their report without caring what the report contains. Fix the grades of a failing student without telling anyone the student is failing, including the student itself.

It's the part of the job as an administrator.

But that's just my opinion. Right now, the administrator does have access to everything, secretly, by masquerading all the time to fix issues. For me, that solution feels worse.

BTW: we would never let a teacher masquerade as anyone. Not in Moodle, not in Mahara. For me, that would introduce a possible conflict of interest. But with administrators, there's none.

Kristina Hoeppner's profile picture
Posts: 4717

29 August 2022, 14:31

Hi Richard,

I do see your reasons as well. In large organisations the separation of roles is more easily achieved and an IT admin may purely be an IT admin. However, I wager though that the majority of Mahara installations (also larger ones with thousands of accounts) is administered by individual teachers or people fulfilling multiple roles at an institution where a conflict of interest easily comes into play. If you notify people about the masquerading, it's not done in secret. And yes, there are other ways for admins to check out the data that doesn't require masquerading but direct access to the database thus not making it transparent for learners when their data is accessed.

Please file a wishlist item if you think we should change that in core at some point.

Thank you

Kristina

5 results