Authorised System Resource

In Katmandoo, Authorised System Resource is used to grant permission (ie role) to system groups for the system resources (ie tables) ie it defines which system group (or users of the system group) can have what permission on which system resource.

See the Authorised System Resource section in the security framework for detail information.

Example:

System Group	System Resource	System Role	Wheat does it mean?
Wheat Agronomy Genotype Admins	Genotype	Admin	The users in Wheat Agronomy Genotype Administrator group have DEAR (ie DELETE, EDIT, ADD and READ) permission in the Genotype table.
Wheat Agronomy Breeders	Genotype	Guest	The users in Wheat Agronomy Breeders group have READ only permission in the Genotype table.
Wheat Agronomy Breeders	Trial	Admin	The users in Wheat Agronomy Breeders group have DEAR permission to the Wheat Trials.
Wheat Agronomy Breeders	Contact	Guest	The users in Wheat Agronomy Breeders group have READ only permission in Contact table.
Wheat Admins	Contact	Admin	The users in Wheat Agronomy Breeders group have DEAR permission in Contact table.
Wheat Admins	Site	Admin	The users in Wheat Agronomy Breeders group have DEAR permission in the site table.
Wheat Admins	Site Year	Admin	The users in Wheat Agronomy Breeders group have DEAR permission in the site year table.

Suppose a user is a member of Wheat Agronomy Genotype Admins and Wheat Agronomy Breeders system groups. Since system takes the most powerful role of a user in a resource, the user will have Admin role (not Guest Role) in Genotype table. (see System Role section for detail).

Column Name	Description
SystemGroupId (PK)	Identification Number that identifies a system group.
ResourceId (PK)	Identification Number that identifies a System Resource.
RoleId (FK)	Identification Number that identifies a role that can be granted in the system. (REQUIRED)
ResourceRole	It will be generated dynamically by concatenating ResourceName and RoleName (ie this column does NOT exist in the table).

• Security tab in the Data Dictionary has detailed information on the columuns used in System Group, System Resource and System Role tables.

Authorised System Resource is managed using the System Group Main Form.

To grant permission to a System Group for System Resources, follow the steps below :

• Use [ Record > Update Authorised Resource ] in System Group Main Form to load the Update Authorised Resource Form.

Illustrative snapshot:

1. Roles (Permissions) that are granted to [ Lupin Agronomy Users ] system group.
   • It has None role on ActivityLog, MultiEnvTrial tables ie users of this group can not even read data of these tables.
   • It as Guest role on all other displayed resources ie users of this group can Read data of those resource.
2. Explains the level of permission that each role grants.
3. Alternately, select a role and click the button to update the selected role for all the listed Resources.