Read/Write access to Resource Targets
The ability to read and/or write to a resource target is determined by the roles stored against the target and the roles of the viewing user in question. This differs to regular items as they use the NS security inheritance model for their security permissions.
When the viewing users role set is mutually exclusive to that of the roles stored against a target, the target will not appear in the UI at any stage.
If the set of roles for the viewing user is a subset of the roles stored against a target, the target will appear on the UI but will not be editable (greyed out).
When the set of roles for a user contain all (and possibly more) roles that are assigned to a target, the user is granted the ability to modify that target and it appears as such on the UI.
If a users set of roles is modified after the point in time when a target is created, the roles stored against the target are not updated to reflect this. Ie. it uses a snapshot model.