Hi Epicor User Group! I am new here, we are a new customer going through Implementaiton.
We are going SaaS so we should be on the latest and greatest version, using web based as much as possible.
I am an IT admin as a day job, so more or less know a thing or two about basic IT concepts. However feel free to expound on topics if you might be unsure if I know a thing 
Implementation hasn’t really hand held me through creating new users, in fact during this phase they keep pushing me to make the users like full admins of everything so they can do settings while we are in early phase. I am no huge fan of getting into the habit of making all users full admins, YUCK!
Does anyone have a good feel for like a “Best practice” or at least base settings for a general use user? Should I be using groups to drive permissions? Is that even an option?
Groups are the way to go. Head to Security Group Maintenance. I am not sure what groups are in there by default, but we have groups for: AP, AR, Admin, Data Collection, Engineering, Materials, Office, Shipping, Supervisors and more.
Next, go over to User Account Security Maintenance. Here you can set each user to be a member of one or more groups. Normally, I set all users to be part of the data collection group, as that is our bare minimum. These users only have access to the data entry form
Once you setup the groups and users you would like to have, you can use the Menu Maintenance to set the individual forms (or entire menu branches) to use the security groups you created. Since all users may use vastly different forms in Epicor, it is hard to say what each user will need access to. Start small with a general, all-purpose account that everyone that gets into Epicor will be a member of. This group should have access to what you consider to be the bare minimum.
I haven’t seen any official best practices when it comes to how to setup the groups, or what security levels each group should have. Security can be really tricky in Epicor, so make sure you always check all three places: Security Group Maintenance, User Account Maintenance, and Menu Maintenance.
If you can’t figure out a specific menu permission, run the Menu Security Audit Report. This report is huge, so do your best to filter for a smaller subset of data.
Good luck!
Name the groups with a leading underscore (the descriptions, especially). I want to say the manual tells you to do this, or at least it implies it. It makes the groups float to the top.
Never add users to menu security; add only groups to menu security.
I broke this rule frequently at the beginning and I regret it now. Nothing terrible, but when you clone an existing user, it clones their group assignments, but not the one-offs in Menu Maintenance (or whatever it is called now). I have been fixing that for the last couple years.
Great points Jason! I should have set our groups to use the underscore! We still have some menus with individual users assigned permissions. Every time I find this, I try to replace it with groups that will fulfill the same goal.
I think it’s just the description, so you can change it any time.
Wow thanks gang! So nice of you to provide very useful information so quickly. Great to see a community like this I can participate in.
Don’t forget to add yourself (and other new users) here!