Has anyone experienced the security settings for users mysteriously changing?? We are getting ready to upgrade to 12.2 and I was reviewing user profiles today to make sure they were all up to date. I noticed that many users had settings that they should not have. Some nurses and receptionists had provider privileges. Home locations for users have also randomly changed. I put an SR in with GE but said it may be a day or two before I get a response. I tried to run an audit report to determine who may have changed these settings or when it might of happened but I get zero results. The report doesn't even populate the changes I have made today to take away privileges from the users who should never have had them......
The audit reports aren't the easiest to use. I find it more useful to query SQL.
First thought: Don't underestimate the impact of careless administrators. There are plenty that do not care about security and will grant privileges just to make a complaint go away quickly.
Second thought: The fill down button really needs a warning, and even an option to disable it.
Another thought: Check for any surprises in who has the edit security privilege.
I think its more than just a careless administrator granting privileges to specific users because majority of our users had their settings changed and quite a few were granted privileges to all groups.
What is the fill down button you are referring to?
I went to look for it to get a screenshot and can't find it. Perhaps they removed it and I missed it.
It's still in report security though.
The fill down button used to overwrite all child security branches with whatever was assigned in the parent branch. A change on the Main Menu (the very top level), then the fill down button would overwrite all security settings with whatever is granted for main menu.
There is a fill down option in the Reports module for PM. Could that be what you may have been thinking about?
Linda
The fill down button definitely used to be in user security also. I'm not sure when it disappeared. Perhaps with CPS 12.
I have noticed the same thing after updates. I initially thought it was someone giving people access as well. Physical therapists could give meds, front desk had signing privileges, staff had access to administration. I secretly took the rights away from everyone to do anything in admin and it stopped. Even though I spoke with everyone individually and "not a sole changed anything."
Billing still has complaints about things being changed after updates though.
I agree that it could be related to an Administrator changing things, but I do have a question. Do you have your CPS linked to your Active Directory (AD)? Any security settings, and any changes, can affect your CPS security if you have it linked.
We have also previously seen odd things with our Security Groups in AD and how they translate into our Centricity. If Group 1 has access to A, B, D, G in Centricity and Group 2 has access to A, C, G, and Group 3 has access to B, E, F and your user is a member of all 3 groups then your user should have access to A, B, C, D, E, F, and G, but we have seen some things that they should have access to and didn't and some things they shouldn't have but did. So a long time ago our CPS Security person decided to minimize our Security Groups to a few key groups and they try to eliminate any cross over whenever possible.
We are AD integrated.
We have 1 AD security group with the edit security privilege and that's it. No security groups are members of that group. Only trained CPS security administrators.
We have slowly been going down the path of creating CPS AD security groups associated with specific permissions sets in CPS. For example, we have a scheduler security group with appropriate CPS permissions for that role, then we assign to or remove from the scheduler security group as those duties are assigned to or revoked from a user.