While no expert, I’ll take a shot at what I have experienced:
To access E10, you need a User login. This is the primary point for authentication. The User record controls authorization through Security Groups or toggles on this record. A User entry is required for Requisition Entry.
User Name must be unique in addition to the UserID.
Tables: Erp.UserFile and Ice.UserFile. The Ice version is where the real action is (encrypted password, etc.) and the Erp version is a copy of used for non-security information.
This represents a person who can report time and/or expenses. It doesn’t require a matching User entry when using MES but it is mandatory when using the Time/Expense Apps. It may also be associated with a Supplier entry in order to pay expenses back to the employee.
Employee Records hold labor rates and there can be multiple rates based on role for Projects. There is also Department/Shiift/Resource and G/L Controls to help with labor/burden reporting.
Employee name and ID must both be unique.
A Work Force record is used for workflow within E10. It appears that Epicor initially developed workflow within the Sales cycle as the Workflow record is actually stored in the Erp.SalesRep table. As Workflow moved to other areas (ECO, Case, Time and Expense approval, …) the Workflow entry included non-sales people. Each Work Force entry has a role and task approval can be restricted to members of a particular role. In order to act as a Work Force entry, the logged-in user must be an Authorized User of that Work Force record.
In the role of Sales Person, the Sales Territory uses Work Force entries to provide limited visibility to customers and their activity if required.
Work Force ID and Name must be unique.
This represents someone who is authorized to create purchase orders or approve purchase orders. Like Work Force, it requires Authorized User(s) for someone to act in the role of that buyer record.
Buyer Name and ID must be unique.
Tables; Erp.PurAgent, Erp.PurAuth
This record is used by Global Alert and Shop Warnings to associate with them with particular Alert Groups. These do not have to be Epicor Users.
This record represents a person - anywhere. Think of it as a CRM person entry - as Epicor does. However, not only does it link to Customers and Ship-Tos but also to Suppliers, Users, Work Force, Buyers, Employees and Payroll. This contains GDPR sensitive data.
(This is a normalized table within Epicor!)
Tables: Erp.Percon, Erp.PerConLnk
I’m sure I’ve missed some things but this gets the conversation started…