Use only Security Groups, never use Employee ID
In Epicor 9 there are hundreds of individual menu items. Setup Security Groups and assign these security groups to each employee. An employee can have multiple security groups assigned. The bigger the company more security groups might be needed.
I recommend starting out with something like the following but terminology depends on the company:
|FinCFO||Finance – CFO/Manager|
|FinAP||Finance – Accounts Payable|
|FinAR||Finance – Accounts Receivable|
|FinFA||Finance – Fixed Assets|
|FinPR||Finance – Payroll|
|SalesMgr||Sales – Manager/CMO|
|SalesPer||Sales – Salesperson|
|PurMgr||Purchasing – Manager/CPO|
|PurBuyer||Purchasing – Buyer|
|QAMgr||QA – Manager/CQO|
|QAInsp||QA – Inspector|
|MfgCOO||Manufacturing – COO|
|MfgMgr||Manufacturing – Shop Manager|
|MfgEmp||Manufacturing – Shop Employee|
|WHMgr||Manufacturing – Warehouse Manager|
|WHEmp||Manufacturing – Warehouse Employee|
The non-managers (Planner, Buyer) have access to particular menu items in the General Operations menus and reports. The managers generally have access to the menu items in the Setup menus also. A company may want a buyer to be able to create suppliers and part, so the above generalities are not written in granite.
Your company may have employees for each of these security groups or you may only have one person in accounting. If you have only one person in accounting then you would need to give that person the CFO, AP, AP, GL and PR security groups. As you company grows and you hire a new accounting person to take over AP and AR, you give that person AP and AR and remove it from the existing person. There no need to go look at hundreds of menus to determine security.
If you hire a new buyer you give that person the Material Buyer group and you are finished. Again there is no need to look at hundreds of menus to determine the security of the existing buyer. There is usually the case where there are multiple people is a position and one of them has a couple added menu items. It is very tempting to give them a standard security group and then add the employee ID to the extra menus. I recommend in that case, create a lead security group and handle it that way.
Each new release you need to research whether any menu items have been added and setup the correct security groups.