Robert,Very good question that I’m sure will prompt a few opinions. I like using the out of box security groups as they provide a good base for incorporating changes to permissions. If you aren’t very familiar with Project Server security you might want to copy/create your own so that you can validate what you are changing. It would be a bit of work (and a bit of risk to make sure you duplicate them correctly), but using out of box security groups/categories won’t cause any issues with future releases. Hope that helps.
I was always told to leave the default groups intact even if you intend to create your own groups and categories. In the MSPE book on Project Server administration, they have a “Best Practice” box which states:
“MSProjectExperts recommends that if you do not need any of the default groups that ship with Project Server 2010, that you set the description for those groups to “Not Used.” If you do not wish to use a group, simply remove any users included in the Users section of the group. You can create a replica of each standard group using Security Templates if you do not alter the templates. This is a strategy you can apply both before and after the first time you make changes to the built-in security groups.”
I would also recommend adding groups and categories to your administrative back-ups. If you accidentally delete one, there’s no way to get it back unless you do.