FIRST

There is no way to indicate who should be allowed to read/write assessment metadata or data. While the server can enforce these rules, they need to be set. The default is that only the owner has full permission.
It was decided that unlike EML, we would be changing the access control on the server rather than in the document. This decision was motived by a number of reasons, but mostly because the QTI specification would not allow for access control being stored in each XML file (and would that even make sense?)

The access control interface should look like the one in the current Morpho, but should have separate controls for setting the rights for metadata (assessment and assessment items grouped into one) vs data