We are trying to limit staff that have access to Administration to be able to view one's security rights but not be able to make ANY security changes.
Does anyone know exactly what rights they should be given? Or what should be taken away?
Thanks,
Judy
Everyone should set security permissions before allowing any users in. Back when we started using Centricity, GE didn't touch on it. All users had permission to pretty much everything. IMHO this could open GE up to some liability for a breach, but I digress.
System security is managed under administration. Expand System > User and Resource Management > Users > Security, then select "Security by Permission." That is the most common way I manage permissions.
If you use Active Directory integration, this is a lot easier when you use AD security groups to manage permissions.
I've included a screenshot. Notice that we have one single security group allowed to manage privileges. Only staff specifically trained in managing security are added to that security group due to a history of well-meaning administrators not realizing the impact of changes they were making.
There is a "fill down" button that erases all branch permissions and replaces them with your changes without confirmation. If you click the button, it's done. Depending on the size of your practice, you could easily create anywhere from 4 to 40 or more hours of work for yourself just by clicking "fill down."
So don't click "fill down" unless you are very sure you know what it will do.
FYI, report security is managed in the reports module. It is also usually set to allow anyone that can log in to pull all kinds of financial and patient reports. Don't forget to lock it down appropriately as well.
Thanks so much... We have been having issues with those that do have the right with changing things or adding things to individual staff and we would like to lock it down for a while so this helped tremendously. Do you also know of any audit that will provide us the information of who did the changing?
Again, Thanks.
I believe if you have auditing enabled for "Change a security setting" then the user making the change will generate a log event. We don't have any good Crystal Reports set up to view the audit logs to share with you. We usually query the database directly to review audit logs.