Setting User Security

Setting User Security

Estimated reading time: 5 min

The Options and Setup > User > Security Tab allows you to set access levels for each user (within various areas) of RxWorks.

Security Pointers

  • Only give each user access to areas with which they need access to do their job.
  • Do not extend access to a person simply because they have gained extra trust, or because they have been around for longer.
  • Do NOT give staff access to the System Controller account. We recommend that even the practice manager maintains a personal account with limited access so that no one is using the System Controller account for day to day tasks.
  • Consider setting up user profiles based on your staff “roles”. For example, you might choose to give no one (including the practice owner) access to any high-level reports from their own log in. You could create a special user profile to access high level reports using a special password. By doing this, you keep complete control over who is dealing with those reports, but can still delegate responsibility without the worry of someone else making use of the SUP account.

The Security Access Levels Explained


Set a field to “None” to block the user from this part of the program. If the user is set to “None” on the Patient page, then this page will not be displayed amongst the Client/Patient information.


Setting a field to “View” limits the user to viewing the information displayed on a page only. A user with “View” access cannot edit or change the information.

If any attempt is made a warning will be generated that indicates the user’s security is not high enough.

Modify-2 (Relates to Fees)

Setting a field to “Modify-2” allows the user to change the printed name, deactivated date, defaults and set the item to charge default. In attachments, the user can only work on labels and handout details. In the stock control tab, the user can set things like critical level, ideal level, lasts from and lasts until.

Modify-3 (Relates to Fees)

Gives the user the same the rights from “Modify-2”, but also allows then to alter the price details on the product or service.


Allows the user to edit all aspects of the page they are using. When looking at fees, the user is able to add/ edit/ clear fields and then save. It is important to note that while a record cannot be deleted, the information contained in that record may, in fact, be removed.


Giving a user permission to delete allows them to delete any record they are viewing.
However, if a user tries to delete a record, they will be prompted to confirm if they REALLY want to proceed.
The user must physically type “YES” in order for the delete to proceed.
Reserve this level of permission for the System Controller only. Access to delete records is dangerous and can be costly.

Do NOT give staff access to the System Controller account. We recommend that even the practice manager maintains a personal account with limited access so that no one is using the System Controller account for day to day tasks.

Reports Access

Each report can be assigned a level of security that corresponds to a user’s level of reports access – You might want to prevent some of your staff from viewing sensitive information about your business.
There are 9 levels of report security in the program. Generally the SUP or Practice Manager login has full access to all reports by getting a Reports Access level of 9.

Report Security Access Levels

Each user is given a level of access to view reports, starting with 1.

Each report is given its own level of security, generally starting with 1.
You can access and set report security levels by clicking on the SETUP button for each report.

Using the example above, if a user is assigned a reports level of 3 or higher, they will be able to view this individual report.
However any user that is assigned a reports level of 2 or lower will be locked out of this reporting function.

Database Queries

RxWorks allows you to specify whether a user can run ‘ad hoc’ queries.
You might want to prevent staff from viewing sensitive information about your business.
Setting this preference to “None” under a users SECURITY tab will simply prohibit staff from running mail merge (Reports F) or database queries (Reports G).

Clinic Security

Applicable to multi-clinic operations.
This option will allow you to restrict users from logging into different clinics.

Click on CLINIC SECURITY from a user’s security tab.

In the new window that appears, you will see this list of clinics this user is restricted to.

To ADD a restricted Clinic

  • Click ADD CLINIC.
  • Select the clinic you would like to restrict this user to.
  • Click OK.
  • Click DONE.

To Reset Clinic Access for a User

  • Click on FULL ACCESS.
  • Click DONE.

Setup Options Access

Each user is given a level of access to the setup options of the program. You can control whether individual staff are able to change the settings for the following areas:

  • Clients
  • Patients
  • Visits
  • Financials
  • Clipboards
  • Counter Sales
  • Reports & Page Setup
  • Products and Services
  • Users
  • Clinic Details

The level of access to these areas can be determined by setting the security within each access level.
This sounds confusing, but this screen illustrates how you can do this.
Here we can see that the access level of 5 is tailored to allow different levels of access in Options/Setup.
You may decide that if staff are given an options access of 5, they will be able to modify the settings and characteristics in the following areas of RxWorks:

  • Client page
  • Patient page
  • Visits page
  • Clipboards
  • Products and services

But they can only view what the current settings for the following:

  • Financial Configuration
  • Counter Sale
  • Reporting and Page setup
  • User setup
  • Clinic details

You could set the access levels for each area to none. This would prevent any user from even looking at the way RxWorks is setup.
When the user tries to access Options/Setup, the following message would be displayed.

RxWorks Audit Trail

If disaster strikes and a record is deleted or modified in the wrong way, you can always check the system audits. This area allows you to trace every change that has been made by every user.
When logged in as SUP, simply go to the menu and select audits.

This area will allow you to view any changes or deletions made to the following areas of the program:

  • Client details
  • Patient details
  • Visit information
  • Fees and Item descriptions
  • Invoices charged
  • Receipts taken
  • All changes made
  • All till listings generated

Investigate the audit trail in detail, by clicking on the audit entry that interests you.

Sort By Column

You can sort each column by clicking on the column heading.
So if you wanted to see all the edits to the fees made by user “MF”:

  1. Select the tab for Fees
  2. Click on the column heading for user
  3. Scroll down till you find the initials for the user “MF”

Reports from the Audit Trail

You can generate some helpful reports from the audit trail that will help analyse the changes that have been made to your data.

This function is also available in Reports > C5 > Audits and Security.

Last Modified Audit

On each of the Client, Patient and Visit Screens, you can find out the last user to modify the page by right clicking anywhere on the grayed portion of the page and selecting “Last Modified”.

This will show the user ID of the user who last modified the screen. Keep in mind that if you have already modified the screen, it will return your user ID.
Also, remember that overuse of the SUP user ID will render this function impotent.
It will also show the creator of the page.

Was this article helpful?
Views: 0