Assign Security Classifications to Organization Roles
Security Classifications can be used to grant the same security to a group of users such as all users with the same role. Assigning security to roles rather than individual users will make it easier to create and update security settings. The consultant and client should work together to define the roles within the organization taking care not to combine roles. Security classifications can then be created for each role.
Security Gates are at the organizational level and simply control whether a function can be resticted or not.
Security Codes can be assigned to a user or classification and allow users with that classification to pass through the corresponding security gate.
For example if the gate 'printchart' is on, only users assigned the corresponding security code can print charts. If the gate is off than all users can print charts.
High Level Process:
- Define organization roles
- Decide which security gates will be turned on for the organization
- Create a security classification for each role
- Add appropriate security codes to the classification
- Assign classifications to users
- Turn on the security gates
Assigning Security Classifications to a user in TW will allow you to easily view the data you'll need when assigning the Security Classifications via SSMT. You'll see this when we extract the data.
Access 'Sec Admin' workspace
Login to TW as TWAdmin
Select 'Sec Admin' in the VTB
Select 'Security' tab in the HTB
Choose 'Security Classification' from the 'Security Setup' Drop Down Menu
Create a New Security Classification
Click Add (lower left)
Enter GHS ROLE as the NAME Enter GHSrole as the CODE
(What do 'Inactive', Patient Security' and 'Enforced' do?)
Highlight GHS ROLE
Click the 'Assign Codes' button. (Button in lower left of lower window, scroll down to view if not visible)
For example: To grant all security access except 'Chart-PrintChart' to this new classification called GHS ROLE. We would simply move everything from "Available Codes" to "Current Selection" except for 'Chart-PrintChart' using the Down Arrow.
Assign Security Classification to a User via TouchWorks
- Highlight the classification you wish to add the user to
- Click 'Assign Users' button
- Search for the user you want to assign
- Highlight the user
- Move the user down to the bottom section using the "down Arrow"
You should now see your user as one the of "Assigned users" in the Assign user box.
Assign Security Classifications to Users via SSMT
In the above example a new security classification was created and assigned to a user via the 'Sec Admin' Workspace.
The following example shows how to take a classification assigned to one user and assign it to others.
1. Extract the 'User Security Classifications' data from TouchWorks via SSMT
2. Paste the extracted data into Excel
3. Search for the security classification you wish to assign under "Access Group Entry Name", in this example 'GHS ROLE'. If you know of a user with the classification you wish to assign you can search for that user. In this example the security classification GHS ROLE has been assigned to idamon.
4. Insert a new row for every user you want to add this Security Classification to.
5. Copy the user's existing data into the newly inserted row and change the "Access Group Entry Code" and the "Access Group Entry Name" values to the new classification based on the already assigned user. In this example to GHSrole and GHS ROLE. (see examples in bold below)
6. Load the data back into TouchWorks via SSMT
Verify data loaded properly
- Login to TouchWorks as TWAdmin
- Click on TWUser Admin on the VTB
- Search for a user you added the Security Classification GHS ROLE to in SSMT. For this example I will use adermott.
- Verify GHS ROLE appears in the Security section for this user.
Allscripts KB Article 3136 v11.0.1 ITT TouchWorks Security Guide