In the Epic system, which records govern the access and capabilities of a user?

A user's access and capabilities in Epic are determined by their User record. This record stores who the person is, their login, and the security permissions and roles assigned to them. Based on what’s in the User record, Epic decides which modules and features the user can see, which patient data they can view, and which actions they can perform. Why this fits best: the User record is the centralized container for a user’s security profile—roles, privileges, and access scopes—so it directly governs what the person can do in the system. The other options don’t define who a user is or what they can do: beds relate to patient location data, provider records hold information about clinicians, and the Rule of Specificity is a security principle for resolving overlapping permissions rather than the record that stores user access rights.