Role model
- Students access their assignments, submissions, interview workflows, and results as permitted by the course configuration.
- Instructors access classes, assignments, student submissions, interviews, reports, and grading workflows under their teaching context.
- Admins manage institution, user, LTI, compliance, and support workflows according to assigned privileges.
- System-level functions support integrations, automation, and operational workflows.
Object-level authorization
VerbalCheck authorization should verify not only that a user has the right role, but also that the requested record belongs to the correct class, assignment, student, instructor, institution, or LTI context.
Session revocation
- Logout invalidates server-side session records.
- User deactivation and role changes should revoke active sessions.
- Persistent session state helps enforce access changes across deployed instances.