Infor LN Authorization Model Deep Dive
The Infor LN authorization model controls who can access which sessions, data, and functions across the enterprise. LN's security is multi-layered: session authorization determines form access, company authorization controls entity-level visibility, and function-level authorization governs specific operations within sessions. A well-designed authorization model enforces least-privilege access while minimizing the administrative overhead of managing hundreds of users across multiple companies.
Authorization Layers and Role Design
LN authorization operates at three layers: session access (which forms a user can open), data authorization (which records a user can view or modify), and function authorization (which operations a user can perform within a session). Roles aggregate these permissions into manageable units. Design roles around business functions—planner, buyer, warehouse operator—rather than departments, to create reusable permission sets that map cleanly to job responsibilities.
- Define roles around business functions with documented session access lists and permission boundaries
- Use session authorization groups to manage large sets of related sessions as a single permission unit
- Implement company-level authorization to restrict users to the legal entities they work with
- Configure function-level authorization for sensitive operations: cost visibility, price overrides, and master data changes
Segregation of Duties Implementation
Audit compliance requires segregation of duties (SoD) in LN. Critical SoD conflicts include: creating vendors and processing payments, entering and approving purchase orders, posting journals and managing the chart of accounts. LN's authorization model supports SoD enforcement through role exclusion rules, but these must be configured explicitly. Build a SoD conflict matrix during implementation and validate it against role assignments regularly.
- Build a SoD conflict matrix mapping incompatible function combinations for your industry and audit requirements
- Configure role exclusion rules in LN to prevent assignment of conflicting roles to the same user
- Generate monthly SoD violation reports and remediate any conflicts within a defined SLA
- Document SoD control evidence for auditors including role definitions, exclusion rules, and violation reports
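The periodic validation of the conflict matrix against role assignments can be scripted outside LN. The following is an added example, not Infor code: it assumes role and user assignments have been exported into plain dictionaries, and every function label, role name and user in it is a hypothetical placeholder rather than an LN session code. It flags conflicts that sit inside a single role as well as those that only appear when a user holds several roles at once.

```python
from itertools import combinations

# SoD conflict matrix: pairs of functions one user must not hold together.
# Function labels are hypothetical; the pairs are the conflicts named above.
SOD_CONFLICTS = {
    frozenset({"vendor.create", "payment.process"}),
    frozenset({"po.enter", "po.approve"}),
    frozenset({"journal.post", "coa.manage"}),
}

# Constructed sample data: role -> functions granted (hypothetical role names).
ROLE_FUNCTIONS = {
    "buyer": {"po.enter", "vendor.create"},
    "purchasing_manager": {"po.approve"},
    "ap_clerk": {"payment.process"},
    "gl_accountant": {"journal.post"},
    "finance_admin": {"journal.post", "coa.manage"},
}

# Constructed sample data: user -> assigned roles.
USER_ROLES = {
    "alice": ["buyer"],
    "bob": ["buyer", "ap_clerk"],
    "carol": ["finance_admin"],
    "dave": ["buyer", "purchasing_manager", "gl_accountant"],
}

def find_violations(user_roles, role_functions, conflicts):
    """Return sorted (user, fn_a, fn_b, roles_granting_a, roles_granting_b)."""
    violations = []
    for user, roles in user_roles.items():
        # Map each effective function back to the roles that grant it,
        # so the report shows which assignment to remove.
        granted_by = {}
        for role in roles:
            for fn in role_functions.get(role, ()):
                granted_by.setdefault(fn, set()).add(role)
        for fn_a, fn_b in combinations(sorted(granted_by), 2):
            if frozenset({fn_a, fn_b}) in conflicts:
                violations.append((user, fn_a, fn_b,
                                   sorted(granted_by[fn_a]), sorted(granted_by[fn_b])))
    return sorted(violations)

if __name__ == "__main__":
    for user, fn_a, fn_b, r_a, r_b in find_violations(USER_ROLES, ROLE_FUNCTIONS, SOD_CONFLICTS):
        print(f"{user}: {fn_a} (via {r_a}) conflicts with {fn_b} (via {r_b})")
```

A conflict reported with the same role on both sides (carol in the sample data) means the role definition itself breaks SoD and needs to be split, which a role exclusion rule between two roles cannot fix.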
Authorization Lifecycle Management
Authorization models degrade without lifecycle management. Users accumulate permissions as they change roles, temporary access becomes permanent, and new sessions get deployed without proper authorization configuration. Implement a closed-loop process: HR-triggered provisioning, role-based assignment, periodic certification, and automated deprovisioning. Track all authorization changes in an audit log that satisfies regulatory review requirements.
- Integrate user provisioning with HR processes so role assignments change automatically with job changes
- Require manager approval for all role assignments and document the business justification
- Conduct semi-annual authorization certification where managers review and confirm each user's access
- Maintain a complete authorization change log with timestamps, approvers, and business justifications