Forum Discussion

Jojo7's avatar
Jojo7
Experienced User
6 months ago

PAYROLL SECURITY BREACH VIA CONTACT LOG/IMPORT-EXPORT/CUSTOM REPORTS

We find it extremely concerning that despite certain roles within MYOB having no access to payroll privileges, users can access payroll/employee information through the contact log of the employee cards, they can export employee information and they can access customised payroll reports through the custom reports tab leaving employees/employers open to a breach of security.

 

I have read a couple of the "recommended" fixes for the contact log issue but it is hardly a solution!

The usage of this platform is becoming so limited because the privilges within the roles are not well enough defined by any standards. 

Just a few examples........

*Sales and dispatch staff are unable to use the Contact Log function for customer cards because we have to remove that privilege to protect employee information stored in the employee card file.

*Sales staff can no longer utilise the My Custom Reports or they will have access to any number of custom payroll reports that have been created (again breaching employees security) as they will do any other customized reports.

*The office administrator, who is responsible for the import/export of inventory items to maintain our pricing can no longer have access to the import/export function due to the ability to export employee cards and information when they do not have payroll privliges as part of their role. Yet another breach of employee security.

 

These short comings / failures by MYOB are to such an extent that I doubt we will be able to continue to use your platform.

 

I would also bet that many users wouldn't even be aware of how exposed they are with the MYOB set up!

 

It's really not good enough and I don't think we would be the only ones feeling like this.

  • Earl_HD's avatar
    Earl_HD
    MYOB Moderator

    Hi Jojo7,

    Thank you for your post. We understand the importance of data security and role privileges. MYOB takes the privacy and security of our clients’ business data very seriously.

     

    Regarding your concerns about role privileges, each user in MYOB has one role, and a role gives a user access to a set of entitlements. Each entitlement gives certain permissions to the user to perform certain functions. Most entitlements give the user full permissions to all functions on that entitlement. Some entitlements provide restrictions to what permission the user has, such as Read-Only or Read & Write. An administrative user can use both ARL and MYOBB to manage user roles. KB

     

    We understand your concerns about the limitations you've encountered with the current role privileges setup.

    Feel free to post again if you have further queries and one of us will be happy to help!
    Regards,
    Earl