Infor SyteLine

Configuring Security Groups in SyteLine

Security groups in SyteLine are the primary mechanism for controlling what users can see and do within the application. Each security group defines permissions at the form level (view, insert, update, delete), the field level (visible, read-only, hidden), and the data level (site restriction, warehouse filter). A well-designed security group structure mirrors organizational roles and follows the principle of least privilege—granting only the access needed for each job function. Poor security group design leads to either over-permissioned users creating compliance risks or under-permissioned users generating constant access request tickets.

Security Group Structure and Design

SyteLine security groups are created in the Security Groups form (System Administration > Security Groups). The recommended approach is to create groups aligned with business roles rather than individual users: Purchasing Agent, Shop Floor Supervisor, Cost Accountant, Shipping Clerk. Each group gets a descriptive name and an optional description explaining its purpose. The group's permissions are then configured at three levels: form-level access in the Form Security form, field-level visibility in the Field Security form, and collection-level access in the IDO Security form. Users inherit the union of permissions from all groups they belong to, so designing non-overlapping groups prevents permission creep.

  • Create security groups in System Administration > Security Groups using role-based naming: SG_Purchasing, SG_ShopFloor, SG_CostAccounting
  • Document each group's purpose and intended audience in the Description field for audit and maintenance clarity
  • Design groups around business roles, not individuals—one user may belong to multiple groups if they wear multiple hats
  • Limit the total number of groups to a manageable set (typically 15-30) so the security model stays simple enough to maintain
  • Create a Security Group Matrix document mapping groups to forms, fields, and IDO permissions for reference and audit

Form and Field-Level Permission Configuration

Form-level security is configured in the Form Security form (System Administration > Form Security) where you assign CRUD (Create, Read, Update, Delete) permissions per security group per form. A group with no entry for a form has no access to it. Field-level security adds granularity within forms: the Field Security form (System Administration > Field Security) lets you make specific fields read-only, hidden, or required for a given security group. This is critical for sensitive data like cost fields, pricing, and employee information that should be visible to some roles but hidden from others.

  • Assign form permissions in Form Security: grant Read, Insert, Update, Delete per form per security group
  • Configure field-level overrides in Field Security to hide cost fields from non-accounting groups (e.g., hide unit_cost on Items form)
  • Set field-level Required flags per group to enforce data entry rules specific to certain roles
  • Use the Security Audit report to identify forms accessible by all groups and verify no unintended access exists
  • Test security configurations by logging in as a test user assigned only to the target group before rolling out to production

IDO Security and Data-Level Restrictions

IDO-level security controls which data operations (LoadCollection, UpdateCollection, method calls) a security group can perform on each IDO. The IDO Security form (System Administration > IDO Security) defines these permissions. Data-level restrictions go further by filtering which records a user can see based on site, warehouse, or custom criteria. Site-level security is configured by assigning users to specific sites and enabling the site security check in SyteLine Parameters. For multi-division environments, data-level security prevents users at one site from viewing or modifying another site's orders, inventory, and financial data.

  • Configure IDO-level permissions in IDO Security form: LoadCollection (read), UpdateCollection (write), and method-level access per group
  • Enable site-level data security in SyteLine Parameters > General tab to restrict data visibility by user's assigned site
  • Set up warehouse-level restrictions using custom security rules for users who should only see specific warehouse inventory
  • Test IDO security using the IDO Request Tester utility with the security context of a specific user group
  • Schedule quarterly security reviews using the Security Group Comparison report to detect permission drift and unauthorized escalation
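
The union rule, the "no entry means no access" rule, and the quarterly drift review described above can be checked offline against an exported Security Group Matrix. The following is an added example, not SyteLine or vendor code: the CSV column names, the single-letter permission codes (R, I, U, D), the form names, and the user names are all assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample data: an approved baseline matrix and the current matrix.
BASELINE_CSV = """group,form,perms
SG_Purchasing,PurchaseOrders,RIUD
SG_Purchasing,Items,R
SG_CostAccounting,Items,RU
SG_ShopFloor,JobOrders,RIU
"""
CURRENT_CSV = """group,form,perms
SG_Purchasing,PurchaseOrders,RIUD
SG_Purchasing,Items,RU
SG_CostAccounting,Items,RU
SG_ShopFloor,JobOrders,RIU
SG_ShopFloor,PurchaseOrders,R
"""
# Constructed user-to-group memberships.
MEMBERSHIPS = {"jdoe": ["SG_Purchasing", "SG_ShopFloor"], "asmith": ["SG_CostAccounting"]}

def load_matrix(text):
    """Parse the matrix into {(group, form): set of permission letters}."""
    matrix = {}
    for row in csv.DictReader(io.StringIO(text)):
        matrix.setdefault((row["group"], row["form"]), set()).update(row["perms"])
    return matrix

def effective_permissions(matrix, groups):
    """Union of permissions over a user's groups; forms with no entry are absent (no access)."""
    effective = {}
    for (group, form), perms in matrix.items():
        if group in groups:
            effective.setdefault(form, set()).update(perms)
    return effective

def drift(baseline, current):
    """Permissions granted in the current matrix that the approved baseline does not contain."""
    added = {}
    for key, perms in current.items():
        extra = perms - baseline.get(key, set())
        if extra:
            added[key] = extra
    return added

if __name__ == "__main__":
    current = load_matrix(CURRENT_CSV)
    for user, groups in MEMBERSHIPS.items():
        eff = effective_permissions(current, groups)
        print(user, {form: "".join(sorted(p)) for form, p in eff.items()})
    for (group, form), extra in drift(load_matrix(BASELINE_CSV), current).items():
        print(f"DRIFT {group} on {form}: +{''.join(sorted(extra))}")
```

The drift check reports only added permissions, since those are the escalation case; removed permissions would need a second pass with the arguments swapped.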
