Central Enterprise Manager Tool (CEMT) security settings allow you to control security settings for database connections. Set up users, assign users to groups, assign permissions to user groups, and enter a lock date for procedures, payments, adjustments, and exam sheets.
- CEMT users are different from regular Open Dental users. Their Open Dental permissions are based on their CEMT permissions and can only be set from within the CEMT, not within the database connection.
- Because the Central Manager database (dbcentral) contains information about multiple connections, including encrypted passwords, we advise placing extra security around the MySQL installation. Edit the MySQL service and change the logon information from local system to a specific user. The database files can then be encrypted by Windows while still allowing the MySQL service to run when the proper Windows user is logged in. See MySQL Security.
To access CEMT security settings, on the Central Manager main window, click Setup, Security.
CEMT users permissions are set from the CEMT, not individual databases. Users list on the left. Every user is part of a user group and each group is assigned Permissions. When you click on a user, all users in the same user group highlight red and the group's permissions show on the right.
Create or Edit User Groups
- On the Central Manager User Edit window, click Edit Groups.
- Click Add, or double click a group to change its name or delete it.
- Enter the user group description, then click OK to save.
Note: To permanently delete a user group, click Delete (it cannot have any users).
Add or Edit a User
- On the Central Manager User Edit window, click Add User or double click an existing user to edit.
- Click the User tab.
- Enter the user's unique user name in the box.
- Highlight the user group. Note: The user name must be unique so that syncing with a database connection does not cause issues.
- On the User Edit window, click Create Password (or Change Password).
- Enter the user's current password (blank if it is new).
- Enter the new password. Note: Passwords show as asterisks (*).
To show the New Password as text, check the Show box.
- Click OK to save.
The password is contained in dbcentral as a hash. This means there is no way to decrypt the password by looking in the database, and there is no way to recover a lost password other than deleting it from the database directly.
Users can also change their own passwords while logged on. See Logging on the CEMT, Changing Passwords for the Logged On User.
Unlock an Account
After more than five consecutive failed attempts to log on to Open Dental or the Mobile Web, a user will be temporarily locked out for five minutes or until the account is manually unlocked.
- On the User Edit window, click Unlock Account.
- Click OK. A confirmation will show.
- Click OK.
The user can attempt to log on again.
Subscribe to Alerts
For more information see Alerts. When subscribed to an alert, a user will receive alerts for all clinics.
- On the User Edit window, click the Alert Subs tab.
- Highlight the alerts to subscribe the user to.
- Click OK to save.
Removing a User
Users can't be deleted, but you can hide their user profile so they do not show when logging in to the CEMT.
- On the User Edit window, check Is Hidden.
Permissions are assigned to user groups.
- Highlight a user in the user group. All users in the group will highlight red.
- Check/uncheck the Permission boxes on the right. Checked means the permission is allowed; unchecked means the permission is blocked. To automatically check all permissions except Security Admin, click Set All.
Set Lock Dates
Lock dates prevent users from editing of procedures, patient payments, insurance payments, adjustments, and exam sheets after a certain date. They also prevent backdating of new items. You can lock information by a specific date, or in a certain amount of days:
- Date: Changes will only be allowed if they occur before this date.
- Days: Changes will only be allowed within this amount of days from the original entry date.
- Lock includes Admins: Check this box to apply the lock date limitation to users in the Admin user group.
- Central Manager Security Lock: Check this box to block users from entering Global Lock Dates on local databases.
Lock dates set in the CEMT tool can be applied to database connections, thus overwriting any local Global Lock Dates. See Syncing Security Settings below.
Sync Security Settings
Syncing security settings will apply the settings to database connections. The Sync Code of the CEMT database lists under the list of permissions. This unique code applies to this CEMT database only. All database connections which can be synced to the CEMT database will have this same code listed under Setup, Miscellaneous, Sync code for CEMT.
There are three sync options:
- Sync All: Sync all security settings (user, user groups, alert subscriptions, permissions, and lock dates).
- Sync Users: Sync only users, user groups, alert subscriptions, and permissions.
- Sync Locks: Sync only lock dates. This will override any local Global Lock Dates.
When you select a sync option, a list of database connections will show.
Select the database connections to sync security settings with, then click OK to sync.
You can also sync security settings from the main Central Manager window.