There are two type of authorization, here you select permission role name for each authorization type. Go to Object List select am object, and from the right panel (datasource::Object Name) go to Authorization part:
Here you can select from the list (they are defined before), or type a new role name and click on Save, then this new permission role name will be in the list of Roles in Authentication Server application, don't forget to give permisssion from the Authentication Server appliaction (check marked the created role name)(Go to Management>System>Application here select Netigma, click on Groups, then roles you'll see the created role name in this list.)
When this feature is enabled, appropriate authorization operations must be performed in order for the data fields of the object to be used in statistical queries (group by). If a role name is defined for the grouping authority and the current user is not in this role, the user will not be able to make a statistics query using these object columns.
Select Column Authorization
When this feature is enabled, proper authorization will have to be done so that the data fields of the object can be used in queries. That is, if a role name is defined for the grouping authority and the current user is not in this role, the columns of this object will not be visible hat is data fields tab the query page for that user.
With object authorizations, admins can restrict users' queries on tables. They can hide private data in tables for specific users.