User Groups

Setting up user groups

User groups consistute an important entity in Hexagon, helping to manage data access rights for users within an organisation. Rights are defined at the user group level, so that when a user is linked to a user group, it automatically receives all rights associated with this user group. A user can then be moved to another user group, in which case its rights change accordingly.

Set up user groups so that people who perform similar tasks within the organization have the same privileges. In the system, you can copy the header and child information from one user group to another. You can also edit user groups as necessary.

Note on R5 user group: The system is automatically configured with the R5 user group, which contains one user. The R5 user group has full access to all functions, including data setups, system setups, and system administration setups. Only the system administrator should have access to user information. Hexagon strongly discourages using the predefined R5 user group as a default user group because menus and authorizations of this group might be replaced during system upgrades.

Creating user groups

To create user groups, enter the following information (see screenshot below):

Select Administration > Security > User Groups.
Click "New Record" ([+] icon).
"User Group": Enter a unique code identifying the user group
Enter a brief description of the user group in the adjacent field.
"Copy From": select group from which to copy menus, permissions, and status authorizations to the user group. Note: For user groups that need extensive system privileges, enter the R5 user group, and then turn off the unnecessary permissions. If you do not enter a user group, the system automatically copies menus, permissions, and status authorizations from the R5 user group.
"Department": Enter a default department for the user group.
"Session Timeout (minutes)": Enter the amount of time in minutes in which the system will timeout.
Click "Save Record" (floppy disc icon).

Work order-related Information:

"Hexagon Requestor": Select to indicate that this user group performs Infor EAM Requestor functions. Note: The Requestor user group may only submit work requests and/or purchase requests. When you change the value of the "Requestor" checkbox, the system clears Copy From.
"Default WO Type": Enter the default work order type for the user group. The system automatically assigns the selected type as the default work order type for the user group on various forms within the system.
"Corrections Allowed": Select to allow users to make corrective hour bookings in the work management module.
"Corrections Allowed": Select to allow users to make corrective hour bookings in the work management module.

Note: After setting up users within a user group, the system administrator cannot delete the group. To delete a group, all associated records must be deleted first.

Viewing users

After setting up new system user groups, view the users that are associated with user groups on the User Groups form.

To view users:

Select Administration > Security > User Groups.
Select the user group for which to view users, and then click the "Users" tab.
View the user information.

Granting interface permissions to user groups

Specify the functions to which user groups have access and specify the permission levels for each function.

To grant interface permissions to user groups:

Select Administration > Security > User Groups.
Select the user group for which to grant interface permissions, and then click the "Interface Permissions" tab.
Click "Add Permission".
"Function": Enter the function to set up for this user group. The system automatically populates the function description.
Select one or more of the following options to determine the level of interface permissions for the user group:
- "Query": Select to allow users to retrieve records.
- "Update": Select to allow users to update records. Users must have query permission to update records.
- "Insert": Select to allow users to insert new records.
- "Delete": Select to allow users to delete records. Users must have query permission to delete records.
Click "Submit".

Note: When you unselect Query, the system automatically unselects Update and Delete. When you select either Update or Delete, the system automatically selects Query.

Add and delete inboxes for user groups

To add inboxes to a user group (see screenshot below):

Select Administration > Security > User Groups.
Select the user group for which to add an inbox, and then click the "Inbox" tab.
Click "Add Inbox" ([+] icon).
"Inbox": Enter the inbox name. The system automatically populates the inbox description.
"Sequence Number": enter the sequence number in which the Inbox report should appear.
"Folder": choose the folder in which the Inbox report should be listed.
"Auto Refresh": select if the report should update automatically when any data change. If not selected, new data will appear upon refreshing the Inbox.
Click "Submit" (floppy disc icon).

To delete an inbox for a user group (see screenshot below):

Select Administration > Security > User Groups.
Select the user group for which to add an inbox, and then click the "Inbox" tab.
Select the Inbox to delete
Click "Delete Inbox" (litter bin icon).

Add and delete KPIs for user groups

To add KPIs to user groups:

Select Administration > Security > User Groups.
Select the user group for which to add an KPI, and then click the "KPI" tab.
Click "Add KPI" ([+] icon).
"KPI": Enter the inbox name. The system automatically populates the inbox description.
"Sequence Number": enter the sequence number in which the KPI should appear.
"Auto Refresh": select if the KPI should update automatically when any data change. If not selected, new data will appear upon refreshing the KPI box.
Click "Submit" (floppy disc icon).

To delete a KPI for a user group (see screenshot below):

Select Administration > Security > User Groups.
Select the user group for which to add an inbox, and then click the "KPI" tab.
Select the KPI to delete
Click "Delete KPI" (litter bin icon).

Add and delete charts for user groups

To add charts to user groups:

Select Administration > Security > User Groups.
Select the user group for which to add an KPI, and then click the "Charts" tab.
Click "Add Chart" ([+] icon).
"Chart": Enter the inbox name. The system automatically populates the inbox description.
Click "Submit" (floppy disc icon).

To delete a Chart for a user group (see screenshot below):

Select Administration > Security > User Groups.
Select the user group for which to add an inbox, and then click the "Charts" tab.
Select the Chart to delete
Click "Delete Chart" (litter bin icon).

Granting work order authorization permissions to user groups

Specify the web services to which user groups have access and specify the permission levels for each web service.

Note: You only need to grant work order authorization permission to user groups if the JTAUTH installation parameter is set to YES -> see Installation parameter management.

To grant work order authorization permissions to user groups:

Select Administration > Security > User Groups.
Select the user group for which to grant work order permissions, and then click the "WO Authorizations" tab.
Click Add Authorization.
WO Type Select the work order type for which to grant permissions.
Select one or more of the following options to determine the level of work order permissions for the user group:
- Insert Select to allow users to insert new work order records of this type.
- Update Select to allow users to update work order records of this type. Users must have query permission to update records.
- Delete Select to allow users to delete work order records of this type. Users must have query permission to delete records.
Click Submit.

Granting store transaction permissions to user groups

Grant permissions for user groups to perform store transactions such as issuing and returning parts, transferring parts to stores, inserting physical inventory transactions, and updating stock records for parts.

To grant store transaction permissions to user groups:

Select Administration > Security > User Groups.
Select the user group for which to grant store transaction permissions, and then click the "Store Security" tab.
Click "Add Store".
"Store": Enter the store for which to grant security rights. The system automatically populates the store description and Store Org.
Provide the following information:
- Issues/Returns: Select to allow users to issue parts from this store and to return parts to this store.
- Store-to-Store Issues (From Store): Select to allow users to transfer parts from this store on the Quick Store-to-Store Transfer form and the Store-to-Store Issues form.
- Store-to-Store Receipts (To Store): Select to allow users to transfer parts to this store on the Quick Store-to-Store Transfer form and on the Store-to-Store Receipts form.
- PO Receipts/Supplier Returns: Select to allow users to insert, update, or delete PO receipts for this store on the PO Receipts form and on the Supplier Returns form.
- Physical Inventory: Select to allow users to insert or update physical inventory transactions for this store on the Physical Inventory form.
- Non-PO Receipts: Select to allow users to insert, update, or delete non-PO receipts for this store on the Non-PO Receipts form.
- Create Stock Records with Qty > 0: Select to allow users to add a new record to the Stock page of the Parts form with Qty. > 0 or Qty. for Repair > 0.
- Update Stock Records: Select to allow users to update Qty. on Hand on the Stock page of the Parts form.
- Scrap Parts from Stock: Select to allow users to scrap parts directly on the Scrap popup.
Click Submit.

Granting screen-level permissions to user groups

Grant screen-level permissions for data manipulation. Screen authorization for user groups is critical to database security and data integrity.

Note: Because even the system administrator can be locked out of Infor EAM, it is important to allow at least one other person, in addition to the system administrator, permission to the Users form.

To grant screen-level permissions to user groups (see screenshot below):

Select Administration > Security > User Groups.
Select the user group for which to grant screen-level permissions, and then click the Screen Permissions tab.
Click the plus sign (+) beside the menu and/or submenu you wish to view. The system expands the menu and/or submenu and displays the folders and screens that reside at various levels below the main menu and/or submenu structure. Note: Click the minus sign (-) to collapse the menu.
Select the screen to which to apply screen-level permissions. Screen Permissions becomes unprotected.
- Note: If a screen has tabs in addition to a List View page and Record View page, select the tab to which you want to apply screen-level permissions.
- "Tab Available" and "Tab Always Displayed" become unprotected if the tab is available at the screen level.
- If you select a screen or tab that has system-defined security, certain fields will remain protected. For example, the Issue/Return Parts deletes are not allowed.
Select one or more of the following attribute options to determine the level of permissions authorized for the user group:
- "Query: Select to allow users to retrieve data from the database.
- "Insert: Select to allow users to insert new data into the database.
- "Update: Select to allow users to update data previously retrieved from existing records in the database. Users must have query permission to update database information.
- "Delete: Select to allow users to delete data from the database. Users must have query permission to delete data from the database.
- "Tab Available": Select to make a tab available to the user group.
- "Tab Always Displayed": Select to display the tab to the user group at all times.
- Note: If the user group has Insert or Update permissions to a screen, the user group must also have Query permissions to that screen.
- Note: When you unselect Query, the Update and Delete check boxes are unselected. When you select Tab Always Displayed, Tab Available is selected.
In "Security Filter", specify the necessary Dataspy to prevent the user group from accessing specific records.
Click "Submit".

Set up menus for user groups

To set up menus for user groups (see screenshot below):

Select Administration > Security > User Groups.
Select the user group for which to set up menus, and then click the Menus tab.
View the tree structure, and then click the plus sign (+) beside the menu and/or sub-menu you wish to view. The menu and/or sub-menu are expanded, and then the folders and screens that reside at various levels below the main menu and/or sub-menu are displayed.
- Note: Click the minus sign (-) to collapse the menu.
In Available Screens, select the screen to add to the menu structure.
Drag and drop the screen name into the desired menu structure location on the tree structure. The number of screens applied to the menu structure are verified. If less than 30 screens exist, the screen is added to the tree structure and expanded to illustrate the level of the screen as necessary. Also the screen is inserted into the Screen Permissions table and the Tab Permissions table as necessary.
- Note: If you drop a screen into a sub-menu folder, the screen is added as the last child of the sub-menu folder. If you drop a screen to another screen, the screen is added directly below the existing screen. You may also drag and drop main menu folders, sub-menu folders, and screens within the tree structure.
- You cannot make a higher-level item subordinate to a lower-level item, i.e., you cannot move a main menu folder to the Screen level.
- When you delete a menu item, the screen is also deleted from the Screen Permissions table and the Tab Permissions table as necessary.

Creating a menu structure for user groups is critical to database security and data integrity. The menu structure is displayed in a tree structure that extends to four levels:

one Main Menu level -> may contain up to seven items
two Sub-Menu levels -> may contain up to 30 items, either folders or screens
and one Screen level -> may contain up to 30 items, but the items must be screens

Show a folder, screen, or tab that is hidden in the tree structure (see screenshots below)::

Select Administration > Security > User Groups.
Select the user group for which to show menu items, and then click the Menus tab.
Select the folder, screen, or tab to show, and then click "Show Menu Item".
Click "Save Record".

Hide a folder, screen, or tab that is displayed in the tree structure (see screenshots below)::

Open the User Groups form.
Select the user group for which to hide menu items, and then click the Menus tab.
Select the folder, screen, or tab to hide, and then click "Hide Menu Item".
Click "Save Record".

Add main menu folders (see screenshots below)::

Select Administration > Security > User Groups.
Select the user group for which to add main menu folders, and then click the Menus tab.
Select the main menu-level menu structure to which to add a folder, and then click "Add Main Menu Folder".
- The system checks to determine if a main menu-level menu structure is selected on the tree structure and displays the Add Main Menu Folder popup.
- Note: You cannot add a main-menu folder to the Sub-Menu or Screen level.
"Label": Enter the name of the new folder.
Click "Submit".

Note: The system adds the main-menu folder directly below the existing main-menu item.

Add sub-menu folders (see screenshots below)::

Select Administration > Security > User Groups.
Select the user group for which to add sub-menu folders, and then click the Menus tab.
Select the main menu folder or sub-menu folder menu structure to which to add a folder, and then click Add Sub-Menu Folder. The system checks to determine if a main menu folder or sub-menu folder menu structure is selected on the tree structure and displays the Add Sub-Menu Folder popup.
- Note: You cannot add a sub-menu folder to the Screen level.
"Label": Enter the name of the new folder.
Click "Submit".

Note: If you add a sub-menu folder to a main-menu folder, the system adds the sub-menu folder as the last child of the main-menu folder. If you add a sub-menu folder to another sub-menu folder, the system adds the screen directly below the existing sub-menu folder.

Change the label name of any menu item in the tree structure (see screenshots below):

Select Administration > Security > User Groups.
Select the user group for which to change label names, and then click the Menus tab.
Select the menu item for which to change the label name, and then click "Change Label".
"New Label": Enter the new label of the menu item.
Click "Submit".

Change screen tab orders to change the order that the tabs appear on the screen (see screenshots below):

Select Administration > Security > User Groups.
Select the user group for which to change screen tab orders, and then click the Menus tab.
Select the screen for which to change the tab order, and then click "Change Tab Order".
"Error Message": Any error messages associated with the tab are displayed.
Click "Submit".

Copy menus from one user group to another user group (see screenshots below):

Select Administration > Security > User Groups.
Select the user group to which to copy menus, and then click the Menus tab.
Click "Copy Menu". To Group is automatically populated with the current user group.
"From Group": Specify the user group from which to copy the menu.
Click "Submit".

Defining status authorisations for user groups or users

System administrators define status change authorisations for user groups for activities such as approving work requests, completing work orders, approving purchase requisitions, and approving production requests.

To define status authorisations for user groups:

Select Administration > Security > Status Authorisations.
Click "Add Authorization" ([+] symbol)
"User Group": Select the user group for which to define status authorisations.
"User": Select a specific user from this group, for which to define status authorisations;
1. the asterisk user * implies that the status autorisation is given to all users of this group. In this case, the autorisation is not user specific (-> 8)
2. when another user name is entered, the status authorisation is only valid for this user; in this case, the autorisation is user specific (-> 8)
"Entity": Select the entity for which to define status authorisations.
"From Status": Enter the status from which to change authorisations. The system automatically populates the description.
"To Status": Enter the status to which to change authorisations. The system automatically populates the description.
"User Specific Auth.": when a user name is given (not *), the authorisation can be made specific this user by selecting the checkbox. If not selected, the authorisation is valid for all users of the group.
Click "Save Record" (floppy disc symbol).

To delete status authorisations for user groups or users:

Select Administration > Security > Status Authorisations.
Select the authorisation to delete.
Click "Delete Authorization" (litter bin symbol)

Currently active user groups

As of May 2025, the following user groups are active in the Hexagon-production environment of HiSERV:

User Group Description Department Requestor GSE_AC Accounting HISERV NO GSE_ADMIN Administrator HISERV NO GSE_CO Chief Officer HISERV NO GSE_COM Commercials HISERV NO GSE_COMH Head of Commercials HISERV NO GSE_COMM Commercials, Restricted HISERV NO GSE_CON Controlling HISERV NO GSE_PM Product Manager HISERV NO GSE_PM_ADMIN PM Admin HISERV NO GSE_PU Purchasing HISERV NO GSE_TEC Technician HISERV NO GSE_TRP Transport HISERV NO GSE_WSA Workshop Administrator HISERV NO R5 MAIN USER GROUP OF R5 * NO R5DEFAULT DEFAULT * NO R5REQ Main requestor user group * YES