Infor SyteLine3 min readNetray Engineering TeamUpdated March 4, 2025

How to Configure User Security Groups in SyteLine

User security groups in Infor SyteLine control which forms, IDOs, and data partitions each user can access. Properly configured groups prevent unauthorized data exposure, enforce segregation of duties, and simplify onboarding by assigning predefined permission sets. This guide covers creating security groups, assigning form-level and property-level permissions, and testing access configurations through the Security Groups form.

Creating and Organizing Security Groups

Navigate to the Security Groups form (path: System Administration > Security > Security Groups) to define group hierarchies. Each group is stored in the UserGroupNames IDO and maps to the UserGroup table in the SyteLine database. Create groups that mirror organizational roles—such as ShopFloor, Purchasing, Engineering, and Finance—so permission inheritance stays manageable. Assign a unique GroupName identifier using a consistent naming convention like DEPT_ROLE to keep groups sortable and auditable across environments.

Open Security Groups form and click New to create a group with a unique GroupName identifier up to 30 characters
Set the Description field with a human-readable label referencing department and access tier for audit trail clarity
Use group nesting by assigning a Parent Group to inherit base permissions and override only role-specific access
Export group definitions via the UserGroupNames IDO export utility before environment promotion to preserve configurations

Assigning Form and IDO Permissions

After creating security groups, assign form-level access using the Form Permissions tab within the Security Groups form. Each permission entry maps a FormID to an access level—None, View, Insert, Update, or Full—stored in the UserGroupFormPerms table. For finer control, use the Property Permissions tab to restrict individual fields within an IDO. For example, you can allow the Purchasing group to view the unit cost on SLItems but deny update access, preventing unauthorized cost changes while maintaining data visibility.

Add form permissions by selecting a FormID from the dropdown and setting access to None, View, Insert, Update, or Full
Configure IDO-level property permissions to restrict specific columns like unit_cost or std_cost on sensitive IDOs
Use the Collection Permissions tab to control access to IDO collections such as SLItems, SLCos, and SLPos separately
Test permission combinations using the Effective Permissions utility to verify the resolved access for a specific user

Testing and Deploying Security Group Configurations

Before deploying security groups to production, validate configurations in a test environment using the User Security Test form. Log in as a test user assigned to the target group and verify that restricted forms display the Access Denied message while permitted forms load correctly. SyteLine caches security permissions in the UserGroupPermCache table, so changes require either a cache refresh via the Refresh Security Cache utility or an application server restart to take effect immediately.

Assign a test user to the new group via the Users form and clear the security cache before validation testing
Verify form access by navigating to each restricted form and confirming the Access Denied or read-only behavior
Check IDO property restrictions by attempting field edits and confirming the read-only enforcement on restricted columns
Promote validated group configurations across environments using the Configuration Export/Import utility in System Administration

Frequently Asked Questions

How many security groups can I create in SyteLine?

SyteLine does not impose a hard limit on the number of security groups. Most implementations use 15-40 groups organized in a hierarchical parent-child structure. However, exceeding 100 groups can slow the Effective Permissions calculation by 20-30%, so consolidate overlapping groups to keep the permission resolution under 2 seconds per user login.

Do security group changes take effect immediately?

No, SyteLine caches resolved permissions in the UserGroupPermCache table for performance. After modifying group permissions, you must either run the Refresh Security Cache utility from System Administration or restart the application server. Cache refresh typically completes in 10-30 seconds depending on the number of users and groups in the system.

Can a user belong to multiple security groups simultaneously?

Yes, SyteLine supports multi-group membership through the Users form. When a user belongs to multiple groups, the system applies the most permissive access level across all assigned groups. For example, if Group A grants View access to a form and Group B grants Full access, the user receives Full access. Plan group assignments carefully to avoid unintended privilege escalation.

Key Takeaways

1Creating and Organizing Security Groups: Navigate to the Security Groups form (path: System Administration > Security > Security Groups) to define group hierarchies. Each group is stored in the UserGroupNames IDO and maps to the UserGroup table in the SyteLine database.
2Assigning Form and IDO Permissions: After creating security groups, assign form-level access using the Form Permissions tab within the Security Groups form. Each permission entry maps a FormID to an access level—None, View, Insert, Update, or Full—stored in the UserGroupFormPerms table.
3Testing and Deploying Security Group Configurations: Before deploying security groups to production, validate configurations in a test environment using the User Security Test form. Log in as a test user assigned to the target group and verify that restricted forms display the Access Denied message while permitted forms load correctly.

Need help designing a scalable SyteLine security model? Netray's ERP agents can audit your current permissions and recommend optimized group structures—schedule a consultation.

Talk to an Expert See a Demo

Related Resources

Infor SyteLine