Forum Discussion

The_Doc's avatar
The_Doc
Ultimate Partner
4 months ago

Payroll security - not quite secure

Hi Folks

 

Locking MYOB components to various users - especially payroll.

 

Staff seem to find a way to find out what other peers are paid with the potential to start spark disharmony.

 

Typically, MYOB users in a company, are of mixed seniority with the pay officer generally an administrator and users on their staff with MYOB access being locked out of MYOB payroll.

 

This happens in my company - staff cannot see payroll or any component.

 

However, a hole in the payroll armour came to light from a client asking me about allowing a new member higher access but NOT payroll.

 

The **bleep** - was if you lock a user out of payroll, totally - but allow them ability to prepare electronic  payments  in purchase access - then by default - that component in payroll gets ticked.

 

This, then allows a user with this access to see queued electronic payments - single or multiple and to see the total paid to each staff member ( however, they cannot open the payslip - just see the total paid.

 

If the have access to the bank account - which is inherent in the electronic payment permission they can see electronic payments (pays) to find out a staff members net pay.

 

I have just checked whether they can see emails with payslip - no they can't.

 

Am I missing something or is this a **bleep** in the permissions for payroll - if so a big one.

 

The Doc

4 Replies

Sort By
  • Celia_B's avatar
    Celia_B
    MYOB Moderator
    4 months ago

    Hi The_Doc,

     

    Thank you for your post and sorry for the late response. 

     

    Sorry to hear about having difficulty in providing access to your employees. You will need to filter on what access you want to provide to your employee. AccountRight includes a selection of default roles. It is also possible to add new roles and modify the permission of existing one. If you want to give your employees access to all features, you will need to assign them as an Administrator role. We have a Help Article: Set up roles, which includes more information.

     

    Please contact us again if you need further assistance or if you have questions or concerns. 

     

    Kind Regards, 

    Cel

     

    • Freman's avatar
      Freman
      Trusted Partner
      4 months ago

      Good grief Celia_B you have not answered his/her question, instead you appear to have copied and pasted the boiler plate stock answer for anything to do with general user permisions. Are you an AI perhaps and pickout only key words? :smileywink:

    • The_Doc's avatar
      The_Doc
      Ultimate Partner
      4 months ago

      Hi Celia_B

       

      As per Freman ( thanks for yourr  candid reply) reply - you have not answered my question.

       

      I am quite aware of roles, new or existing - you perhaps are not - perhaps you could read my question then provide an answer - and in providing an answer appropriate to the question you will perhaps realise that there is a hole in your roles security.

       

      The Doc ( he)

      • Genreve_S's avatar
        Genreve_S
        MYOB Moderator
        4 months ago

        Hi The_Doc

         

        I hope you're doing well.

         

        Thank you for your response and I apologize if the previous response from Celia_B was too general.

         

        From my understanding, if an employee can prepare electronic payments from purchases, they will also have the ability to prepare electronic payments from payroll. The clearing account for electronic payroll payments is the same as the clearing account for electronic payments for suppliers. This is why the "prepare electronic payments" window in payroll is the same as in the purchases tab. There are also instances where businesses batch electronic payroll payments with purchase payments, hence the design.

         

        At present, the only option is to customize the role of the employee to exclude access to the "prepare electronic payments" window.

         

        If you believe this should be set differently, I recommend posting this as a suggestion on the AccountRight Ideas Exchange board.

         

        Thank you once again for your valuable feedback.


        Thanks,
        Genreve