Users, Groups, Roles, and Security Administration

Use Users, Groups, and Roles to manage authentication, application access, feature permissions, data visibility, and security contacts in Epicor FP&A. User administration includes creating users, assigning licenses, managing instance access, organizing users into groups, assigning roles, and configuring security contacts.

You can access Users from the Administration section of the Left Nav pane.

In this article, we will cover:

Users, Groups, and Roles Overview

The Users, Groups & Roles area provides administrative control over application access and permissions.

Area Purpose
Users Create and maintain user accounts.
Groups Organize users into groups for easier administration.
Roles Control feature access, Excel access, and administrative permissions.

Licensed and Unlicensed Users

Users can be:

  • Licensed users who can sign in to the application.

  • Unlicensed users who can use limited functionality such as report subscriptions.

Understanding Security Responsibilities

Roles, data access, and workflow security serve different purposes.

Administrators Role

The Administrators role controls what users can do in the application. It determines which administrative features and menu options are available.

Membership in the Administrators role does not grant access to application data.

FullAccess Role

The FullAccess role controls what data users can see. Users in this role have unrestricted access to system data.

FullAccess removes data access restrictions but does not grant administrative permissions.

Organization and Workflow Security

For most users, data access is controlled through Organization & Workflow assignments and hierarchy-based security.

Creating a User

  1. From the Left Nav pane, select Users.

  2. The Users & Groups page is displayed.

  3. Select the Users tab.

  4. Select New User.

  5. Enter the required user information.

  6. Select the appropriate License Type.

  7. Optional: Select Send an invite email.

  8. Select Create User.

    The system creates the user account and applies the selected license type.

Managing Users

Disabling a User

  1. Open the user record.

  2. Clear Enabled User.

  3. Select Save.

Deleting a User

  1. Open the user record.

  2. Select Delete.

  3. Confirm the deletion.

  4. Save the changes.

    Deleting a user permanently removes the account.

Resetting a Password

  1. Open the user record.

  2. Select Reset Password.

  3. Generate a new password.

  4. Optional: Select Send invite email.

  5. Select Save.

Password Requirements

Passwords must contain:

  • At least 8 characters

  • At least one digit

  • At least one special character

  • At least one uppercase letter

  • At least one lowercase letter

Assigning a User to Additional Instances

Users can be granted access to additional instances owned by the same customer.

Assigned Instances Tab Availability

The Assigned Instances tab appears only when:

  • The user belongs to a Home Instance.

  • The customer owns multiple instances.

The tab is not available for users who are already assigned to a non-home instance or when only one instance exists.

Assigning an Additional Instance

  1. Open Users.

  2. Double-click the user.

  3. Open the Assigned Instances tab.

  4. Select Assign to Instance.

  5. Select the target instance.

  6. Confirm the assignment.

    The user can access the assigned instance through My Instances.

Renewing Expired Instance Assignments

Global Administrators can renew expired user assignments in bulk.

Renewing Expired Users

  1. Open Users & Groups.

  2. Select the Users tab.

  3. Select Renew Expired Users.

  4. Select the users to renew.

  5. Confirm the action.

    The system extends the assignment expiration date by one year from the current date.

Renewal Rules

  • Only users with Assigned License Type are eligible.

  • Only Global Administrators can perform bulk renewals.

  • Expired assignments remain unavailable until renewed.

Creating a Group

Groups provide an optional method for organizing users. In many implementations, groups are not required.

Creating a Group

  1. Open Users.

  2. Select the Groups tab.

  3. Select New Group.

  4. Enter the Group Name.

  5. Enter the Display Name.

  6. Select Save.

Adding Users to a Group

  1. Select the group.

  2. In Group Settings, select Add (+).

  3. Select the users.

  4. Save the changes.

Disabling or Deleting a Group

Disabling a Group

  1. Open the group.

  2. Clear Enabled Group.

  3. Select Save.

Deleting a Group

  1. Open the group.

  2. Select Delete.

  3. Confirm the deletion.

About Roles

Roles control feature access, Excel access, and administrative permissions. Both users and groups can be assigned to a role.

System Roles

The following system roles are created automatically and cannot be deleted.

Role Purpose
All Users Automatically includes all active users and controls default functionality and Excel access.
FullAccess Provides unrestricted access to application data.
Administrators Provides administrative access to the application.

Creating a Role

  1. Open Users.

  2. Select the Roles tab.

  3. Select New Security Role.

  4. Enter the role name.

  5. Select Save.

Deleting a Role

  1. Open the Roles tab.

  2. Select the role.

  3. Select Delete.

  4. Confirm the deletion.

Adding Users or Groups to a Role

  1. Open the Roles tab.

  2. Select the role.

  3. Open the Members tab.

  4. Select Add Members.

  5. Select the users or groups.

  6. Select Apply.

  7. Select Save.

Removing Users or Groups from a Role

  1. Select the role.

  2. Open the Members tab.

  3. Select the users or groups to remove.

  4. Select Remove.

Configuring Feature Access

Use the Features Access tab to grant or remove application functionality.

Grant Feature Access

  1. Select a role.

  2. Open Features Access.

  3. Select the features to grant.

  4. Select Save.

Removing Feature Access

  1. Open Features Access.
  2. Clear the features to remove.
  3. Select Save.

Configuring Excel Access

Excel access is managed similarly to Feature Access through the Excel Access tab.

Examples of Excel permissions include:

  • Excel Access

  • Mobile Access

  • Send Data

  • Send Status

  • Open Assignments

  • Open Shared Workbook Library

  • Open Shared Report Library

  • Report Editor

Configuring Report Access Permissions

Three feature permissions control report-related actions.

Permission Description
Report Editor Open and edit existing reports. Cannot create reports.
Report Creation Create new reports and copy reports. Cannot edit existing reports.
Personal Report Creation Create personal report copies editable only by the current user.

Configuring Security Contacts

Security Contacts identify the people responsible for security, privacy, and data access activities. These contacts are assigned through Organization & Workflow positions.

Data Access & Connection Administrator

Responsible for:

  • Data access requests

  • Source system connection issues

  • Data integrity issues

  • Availability issues

  • Source data access issues

This role is also referred to as a Data Subject Access Request (DSAR) Administrator.

Data Protection Officer

Responsible for:

  • Data protection compliance

  • Privacy incident notifications

Security Administrator

Responsible for responding to security incidents.

Optional Security Settings

Additional security settings can be enabled by contacting Support.

Available options include:

  • Account lockout after five failed sign-in attempts.

  • System-generated passwords sent directly to users.

  • Password history restrictions.

  • Password expiration after 90 days.

  • Password recovery through corporate email.

  • Idle session timeout after 15 minutes.

Deploying Users and Roles Changes

After making changes to users, groups, or roles, deploy the configuration.

Deploying Users and Roles

  1. Select the user menu in the upper-right corner.

  2. Select Deploy.

  3. Select Users & Roles.

  4. Select Start Deploy.

Switching User

Administrators can view the application as another user.

Switching User

  1. Open the user menu.

  2. Select Switch User.

  3. Select the user to impersonate.

Best Practices

  • Use the Administrators role for application administration only.

  • Use the FullAccess role only for users who require unrestricted access to data.

  • Manage most data access through Organization & Workflow security.

  • Use groups to simplify role assignments when managing large numbers of users.

  • Deploy Users & Roles after making security changes.

  • Review report permissions carefully when granting report creation or editing rights.

Was this article helpful?