Payroll security - not quite secure
Hi Folks
Locking MYOB components to various users - especially payroll.
Staff seem to find a way to find out what other peers are paid with the potential to start spark disharmony.
Typically, MYOB users in a company, are of mixed seniority with the pay officer generally an administrator and users on their staff with MYOB access being locked out of MYOB payroll.
This happens in my company - staff cannot see payroll or any component.
However, a hole in the payroll armour came to light from a client asking me about allowing a new member higher access but NOT payroll.
The **bleep** - was if you lock a user out of payroll, totally - but allow them ability to prepare electronic payments in purchase access - then by default - that component in payroll gets ticked.
This, then allows a user with this access to see queued electronic payments - single or multiple and to see the total paid to each staff member ( however, they cannot open the payslip - just see the total paid.
If the have access to the bank account - which is inherent in the electronic payment permission they can see electronic payments (pays) to find out a staff members net pay.
I have just checked whether they can see emails with payslip - no they can't.
Am I missing something or is this a **bleep** in the permissions for payroll - if so a big one.
The Doc