How to prevent IT from seeing payroll

(0) Share

Report

Posted on by Community Member

We are setting up AX now, and trying to integrate payroll, hr and financing. However, it seems the UT administrative staff can therefore see our payroll if they really want to. Any advice?

*This post is locked for comments

I have the same question (0)

All responses (9)

Answers (1)

Community Member on at

Like (0)

Report

IT adminisrative staff can therefore see our payroll if they really want to. Any advice?

Was this reply helpful? Yes No
Suggested answer

Prashant Singh 8,802 on at

Like (0)

Report

Dear isaacrose,

You need create separate role with the help of SDT (Security development toll). Which will allow you to make no access to payroll module to them. Otherwise if they have system admin rights they can see anything available in the system.So hide those forms or module completely. From those users.

For your reference :

www.youtube.com/watch

Was this reply helpful? Yes No
Martin Dráb 237,880 Most Valuable Professional on at

Like (0)

Report

You didn't tell us what your "IT stuff" do. They don't need any access to data to maintain servers and perform database backups, for example.

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report

They are the administrators. My AX partner said if they have the passwords, they can then access key data.

Was this reply helpful? Yes No
Martin Dráb 237,880 Most Valuable Professional on at

Like (0)

Report

Yeah, administrators, but administrators of what? Do they really need to have the passwords (regardless of which passwords you mean)?

If you accept that will have access to everything, then you just gave it up and the discussion is over.

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report

Ok, I understand. They dont in fact have to have passwords to be administrators. WEll then, who does hold the keys to the overall system?

sorry for the silly questions.

my reseller told me that could be an issue, and i wanted clarification here.

Was this reply helpful? Yes No
Verified answer

Martin Dráb 237,880 Most Valuable Professional on at

Like (0)

Report
If you require somebody to have access to everything, then this person obviously can access the payroll data (because that's a subset of "everything").

But:

There doesn't have to be and shouldn't be a single person having access to everything. That's what segregation of duties it's all about.

Nobody needs access to everything to perform any particular task, therefore you should ask what tasks "IT administrative staff" will perform and analyze what permissions they need for that.

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report

From the reseller

For considering the confidentiality of the payroll module, unless you don’t assign a role for system administration. Otherwise it is almost impossible that the system administrator cannot see data stored in the database. However, you can still choose to use the HR module but not payroll.

Can you translate this? i get what you are saying martin, but he is saying the administrator will be able to see everything...

Thanks for the help

Was this reply helpful? Yes No
Martin Dráb 237,880 Most Valuable Professional on at

Like (0)

Report

It depends on the definition of "system administrator". It's possible that the reseller means "System Administrator" role in Dynamics AX while I was referring to people working as system administrators.

"System Administrator" role in Dynamics AX indeed grants a plenty of permissions in Dynamics AX. But a system administrator backing up AX database, for example, doesn't have to be assigned to "System Administrator" role in AX.

Was this reply helpful? Yes No