The permission system in ILIAS

• Principally, permission are always granted regarding specific object types (like Learning Module, Test, Forum etc.), i.e., any object of an object type. For newly created objects (and their possible sub-objects), these general settings will therefore be adopted by ILIAS automatically.
• Within the content "tree" of ILIAS, permissions are automatically inherited from an object (e. g., a category) to its sub-objects, unless inheritance is stopped by an administrator.
  By the "Permissions" button available in the edit mode of each object, the inherited settings can be bypassed for the single object.

• Roles can be provided with arbitrarily combined permission sets (access and edit permissions like view, read, edit, delete etc.) concerning specific object types. Thus, creating granular access permissions can be used in order to design complex learning / teaching scenarios.
  Besides permissions regarding object types, also permissions regarding the system administration (like user accounts, tracking data, payment settings etc.) can be granted separately.

• By means of the role administration within the administration area of ILIAS, roles existing by default may be modified as well as completely new global roles may be created (s. chap. Create a new global role).
  Moreover, arbitrarily modifiable permission templates, i.e., patterns for permission sets can be created and easily adopted to a newly created role (s. chap. Adopt permission settings). Thus, the effort is omitted to define permission sets each time anew

• Independent of the settings a role provides for the permissions concerning an object type, ILIAS users hold any permissions concerning single objects that they created by themselves.
  The owner of an object, thus, combines the functions of a local role and of a local permission policy: The permission inheritance is stopped and you have the facility to restrict this interruption to individual ILIAS users.