"If someone makes a student a guest who can't see private data, they have made a mistake and I correct it for them. We try to explain clearly what guest and limited access mean so that group admins use each appropriately, but occasionally, I do a little corrective intervention, which takes about 1 minute of my time. "
As we mentioned above though this correction cannot be made in the web interface. Not all admins have direct access to the database. Two action points seem to emerge from this debate:
1) Catch disallowed settings of Access and Guest at user creation time
2) The Access and Guest fields need to be explained in the admin UI. I would simply change the labels to: "Can View User Data" and "Can Join/Drop Dlasses".
