Snorkl

Snorkl uses role-based access control combined with organization and class membership to determine what users can see and do. All permissions are enforced on the server to prevent unauthorized access.

Users can only access data associated with their organization, and access to student work and activities is further restricted based on class membership where applicable.

___________________________________________________________

Snorkl currently supports the following core roles:

Can access activities assigned to their classes

Can view and edit only their own submissions

Cannot view other students’ submissions unless explicitly enabled by a teacher

- Can access activities assigned to their classes
- Can view and edit only their own submissions
- Cannot view other students’ submissions unless explicitly enabled by a teacher
- Cannot access teacher-only content

Can create and assign activities to their classes

Can view student submissions only for students in their classes

Cannot access data from other organizations or unrelated classes

- Can create and assign activities to their classes
- Can view student submissions only for students in their classes
- Can provide feedback on student work
- Cannot access data from other organizations or unrelated classes

Can manage users within their organization

Can view organization-level teacher usage metrics

Can view student work for users within their organization

Cannot manage or modify classes for teachers

Cannot access data outside their organization

- Can manage users within their organization
- Can view organization-level teacher usage metrics
- Can view student work for users within their organization
- Cannot manage or modify classes for teachers
- Cannot access data outside their organization

Snorkl is designed to minimize data exposure and prevent unintended sharing.

- Users can only access data belonging to their organization.
- Cross-organization access is not permitted.

- Teachers and students only see data tied to classes they are members of.
- Student submissions are visible only to the student, their teacher(s), and organization administrators.
- Student-to-student visibility is disabled by default and must be explicitly enabled by a teacher.

- Student work and class content are not publicly accessible.
- Sharing requires explicit user action within the platform and remains restricted to authorized users.

- Organization boundaries
 - Users can only access data belonging to their organization.
 - Cross-organization access is not permitted.
- Class-based access
 - Teachers and students only see data tied to classes they are members of.
 - Student submissions are visible only to the student, their teacher(s), and organization administrators.
 - Student-to-student visibility is disabled by default and must be explicitly enabled by a teacher.
- No public sharing
 - Student work and class content are not publicly accessible.
 - Sharing requires explicit user action within the platform and remains restricted to authorized users.

All access controls are enforced server-side

- User role
- Organization membership
- Class membership (where applicable)

Frontend permissions mirror backend rules but do not grant access on their own

- All access controls are enforced server-side
- API requests are validated against:
 - User role
 - Organization membership
 - Class membership (where applicable)
- Frontend permissions mirror backend rules but do not grant access on their own

This ensures users cannot bypass restrictions through direct links or modified requests.

Least privilege: users only have access required for their role

Explicit boundaries: organizations define clear access limits

No implicit sharing: access is granted through roles and membership, not assumptions

- Least privilege: users only have access required for their role
- Explicit boundaries: organizations define clear access limits
- No implicit sharing: access is granted through roles and membership, not assumptions

Users are restricted by role, organization, and class

Teachers only see work from students they teach

Organization admins can view usage metrics and student work within their organization

Organization admins cannot manage teacher classes

All access controls are enforced on the backend

- Users are restricted by role, organization, and class
- Students only see their own work
- Teachers only see work from students they teach
- Organization admins can view usage metrics and student work within their organization
- Organization admins cannot manage teacher classes
- All access controls are enforced on the backend
- No data is shared across organizations

Explains Snorkl’s roles, permissions, and data access boundaries for students, teachers, and organization administrators.

Roles, Permissions, and Data Sharing

Find answers and get help from Intercom Support and Community Experts

This site employs cookies and other technologies that we and our third party vendors use to monitor and record personal information about you and your interactions with the site (including content viewed, cursor movements, screen recordings, and chat contents) for the purposes described in our Cookie Policy. By continuing to visit our site, you agree to our {websiteTermsLink}, {privacyPolicyLink} and {cookiePolicyLink}.

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

We use cookies to make our site work and also for analytics and advertising purposes. You can enable or disable optional cookies as desired. See our {cookiePolicyLink} for more details.

Advertising cookies are set by our advertising partners to collect information about your use of the site, our communications, and other online services over time and with different browsers and devices. They use this information to show you ads online that they think will interest you and measure the ads' performance. Social media cookies are set by social media platforms to enable you to share content on those platforms, and are capable of tracking information about your activity across other online services for use as described in their privacy policies.

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

These cookies are necessary for the website to function and cannot be switched off in our systems.

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.

You have the right to opt out of the sale of your personal information. See our {cookiePolicyLink} for more details about how we use your data.

Your Privacy Choices

We use cookies to enhance your experience. You can customize your cookie preferences below. See our {cookiePolicyLink} for more details.

Cookie Settings

Link, Press control-option-right-arrow to exit

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

Roles, Permissions, and Data Sharing

Overview

User Roles

Students

Teachers

Organization Administrators

Data Sharing Scope

Permissions Enforcement

Privacy and Security Principles

Summary