Monday, December 7, 2020

What to segment by in VLANs?

A typical general best practice you read about is to put user data and management on separate networks/VLANs (the short Cisco answer I read).
So Windows end-user devices could be on one, and network management (SSH to routers/switches, etc.) on another. Great.
But beyond that, would it then be normal to put things like UPS, Windows servers, and other administrative web access on the same management VLAN?
I guess in the end it's up to oneself.
One could put it all into almost "categories" of VLANs, and make sweeping firewall rules for each network, or make fine-grained rules.
What do you do?


