I'm having a little difficulty understanding your current scenario. When it comes to setting a session variable based on a value in a record for a user this is a feature of Security Assist. In the authenticate user server behavior on the last step you can configure session variables based on the values for that users record. So if you store the UserGroup value in the user's record then you can have this value stored in a session variable on login. You get to name this session variable yourself so you can use the one from your example.
You could then conditionally show, or hide areas of the navigation or have entirely different navigation depending on the value of this session variable.