System access to Kuali Research Sponsored Programs requires system administrators to add a user to either a Role or Group that has the appropriate permissions to grant the level of access required for their business function. In order to have the appropriate edit access to make these updates requires a level of permissions - typically we recommend system administrators have either the KC-SYS role of 'Application Administrator' or 'Technical Administrator.' Below outlines the difference between Permissions, Roles, and Groups in the system and how they're assigned to a given user.
Permissions
Permissions are the levels of access to system functionality at a granular level (i.e. View Award, View Award Attachments, Modify Award, Submit Award, etc.). Permissions can only be assigned to Roles; they cannot be assigned to People or Groups.
Roles
Roles are a collection of permissions; a way to organize levels of access. Roles can be assigned to a Person record or a Group. Once they’re assigned it will grant either the individual (Person record) or a Group of users the permissions contained in that role.
Groups
A collection of people; a way to organize users and manage their access at a higher level. Groups can be assigned to Roles so if a certain subset of users should all have the same system access you can create a Group and assign the various Roles they should have. You then don’t have to add the Role to every individual but simply manage the users within the Group. Groups can also used for workflow management for proposal approvals, etc.
Person
The record for an individual user at your institution. This is where the user's contact and institutional identifiers are stored and also where you can assign the appropriate membership for the system to allow access. Roles can be assigned a the Person table level so only that person will get access or if the user is part of a Group then the associated group could be assigned to a given role to grant access.
Comments
0 comments
Article is closed for comments.