Surprise Benefits of Using EPIC Security Groups
Technology | By Gene Paxton, Technology and Operations Manager, BancFirst Insurance Services | Oct 24 2023
Assigning, maintaining and tracking permissions at the user level can be an overwhelming, frustrating and time-consuming task. This is especially the case if you have more than just a few users. In any case, EPIC Security Groups provide opportunities to simplify things. Security Groups provide the tools to group user accounts together and then assign permissions to all of the members of the group. Users can be members of as many different groups as needed. Most agencies usually only consider using Security Groups for user permissions, but Groups provide other opportunities as well. In this article, I explore a few of these opportunities.
Setting up Security Groups
Security Groups are created and maintained in EPIC from the Configure -> Security section. Click Configure from the main navigation and then click Security. Select “Security Groups” from the sub-menu. From here you can add, manage or delete your groups. For a new group, you basically only need to know what permissions you want the Security Group to provide, if any, and the members of the group. I recommend making the description pretty detailed so you can easily recognize its purpose.
I don’t assign any individual permissions in our agency. Every permission is assigned by a group. I have groups that only contain one member as that person performs a specific task that no one else does. I have groups that define one task but with multiple members. If that task changes to a different person, then it is just a member change on the group. Super simple.
You can create as many groups as you may need as there are no limits, and a user can be in as many groups as needed. In our agency, we create groups to achieve the various goals that Security Groups provide so the composition of those groups vary. Some groups are for specific functions, while some groups are for roles. Others simply group members by location/office and department — for signatures and other features so read on.
Manage Signatures Access
Security Groups can be created to provide access to signatures. If you have teams, groups or locations that need access to producer signatures or each other’s signatures, a Security Group can be created with the appropriate group members. The signature access permissions are assigned in the employee records on the “Personnel” tab. If an employee signature has been attached, you will be able to assign who can use that signature. You can grant this access to a Security Group rather than a list of individuals. From that point on, managing signature access is done by adding or removing members of the Security Group and assigning the signature access in the employee records. I created a Security Group for each office and department (P&C and Benefits). The groups contain no permissions and are only used to manage signature access and visibility settings — read on to learn more.
Unclutter Your Menu With Visibility Settings
There are certain things that some users don’t need to see on their menus, such as most of the configure menus, the G/L menu, etc. Also, if there are applications that some users don’t use, they don’t need those cluttering up the menus and clicking on things they can’t use. Visibility settings provide the tool to hide those applications, and they support using Security Groups to assign those settings, so you can hide some things from one group and show them to others. Visibility settings are also accessed through the Configure -> Security section. Select “Visibility Settings” from the sub-menu. Visibility settings can get pretty complex if you aren’t careful, so I recommend keeping it simple. I have a “Hide Nothing” profile that contains the Administrative and Accounting groups and a “Servicing” profile that hides the accounting and administrative items. My “Hide Nothing” group is defined as “Open” which allows it to integrate with other profiles settings. The “Servicing” profile is defined as “Closed" so those members see only what that profile allows.
Simplify Security Permissions
This is the purpose most administrators think of when Security Groups come to mind. There are many ways to set up permissions groups — by role, by department, by function, etc. It requires some thought and planning, but once the group is in place, maintenance becomes simpler. For instance, you may want to allow a particular group of users to be able to work the download suspense. In this case, there are only a few permissions needed, but the list of users will most certainly change over time. Searching out those permissions, removing them from certain users and then adding them to the new users is time consuming and a hassle. Security Groups to the rescue. Set up a group for processing suspense, add the users as members and assign the permissions. When the members change, it is a simple task. An added benefit is that it is easy to determine who has those permissions by simply looking at the members list.
HINT: If permissions are set up such that they only exist in a single permissions group, then managing those permissions involves working with only one instance and not having to run reports to find everywhere it is used.
Define Bank Account Access
Managing bank account access is critical, and it also can be an auditing issue. EPIC provides the ability to define the bank account access using Security Groups. If bank account access is only provided through Groups, and not individually, then you can easily determine who has what access by looking at the members of the groups. For the most granular tracking, I recommend creating a separate group for each bank account and function — reconciliation, disbursements, etc. Auditors like it when you demonstrate these controls.
Group and Display Links
Links also provides for the use of Security Groups to group links together to display for selected users. This is defined in Configure -> Links. Select Groups from the sub-menu. When adding a new link group, give it a name and click the “Selected” radio button. Click the + to add members and select the “Security Groups” radio button in the “Add Members” panel. When adding the links to include, you will see a list of existing link groups as well as links that have not been grouped. You can select an existing group and then cherry-pick the links you want to include from that group into your new one.
Security Groups to the Rescue
If you have not explored the options that EPIC Security Groups provide, I highly recommend that you do. I have found it to be an effective time-saver and stress-reducing tool. Assigning items I mentioned at the individual level is confusing, frustrating, time consuming, prone to error and will get worse over time. Using Security Groups has simplified managing these processes and given me back time to implement other ideas. I feel confident that our permissions are correct and are easily managed and reported. The auditors appreciate the structure and process. My administrator life is just better using groups.
Tags: Technology , IT Tips