Skip to main content
Post a question

Notifications

Announcements

🌸 Community Spring Festival 2025 Challenge 🌸
News and Announcements icon
Community site session details

Community site session details

Session Id : DaO1QlBHPgMBjOlg1hyPRN
Dynamics 365 Community / Forums / Microsoft Dynamics AX (Archived) / How to prevent IT from...
Microsoft Dynamics AX (Archived)

How to prevent IT from seeing payroll

Like (0) ShareShare
ReportReport
Posted on 20 Jan 2016 04:07:39 by Goloknath

We are setting up AX now, and trying to integrate payroll, hr and financing.  However, it seems the UT administrative staff can therefore see our payroll if they really want to.  Any advice?  

*This post is locked for comments

  • Martin Dráb Profile Picture
    Martin Dráb 232,672 Most Valuable Professional on 25 Jan 2016 at 05:28:39
    RE: How to prevent IT from seeing payroll

    It depends on the definition of "system administrator". It's possible that the reseller means "System Administrator" role in Dynamics AX while I was referring to people working as system administrators.

    "System Administrator" role in Dynamics AX indeed grants a plenty of permissions in Dynamics AX. But a system administrator backing up AX database, for example, doesn't have to be assigned to "System Administrator" role in AX.

  • Goloknath Profile Picture
    Goloknath on 25 Jan 2016 at 02:52:06
    RE: How to prevent IT from seeing payroll

    From the reseller

    For considering the confidentiality of the payroll module, unless you don’t assign a role for system administration.  Otherwise it is almost impossible that the system administrator cannot see data stored in the database.  However, you can still choose to use the HR module but not payroll.

    Can you translate this?  i get what you are saying martin, but he is saying the administrator will be able to see everything...

    Thanks for the help

  • Verified answer
    Martin Dráb Profile Picture
    Martin Dráb 232,672 Most Valuable Professional on 20 Jan 2016 at 13:02:16
    RE: How to prevent IT from seeing payroll

    If you require somebody to have access to everything, then this person obviously can access the payroll data (because that's a subset of "everything").

    But:

    1. There doesn't have to be and shouldn't be a single person having access to everything. That's what segregation of duties it's all about.
    2. Nobody needs access to everything to perform any particular task, therefore you should ask what tasks "IT administrative staff" will perform and analyze what permissions they need for that.
  • Goloknath Profile Picture
    Goloknath on 20 Jan 2016 at 12:50:30
    RE: How to prevent IT from seeing payroll

    Ok, I understand.  They dont in fact have to have passwords to be administrators.  WEll then, who does hold the keys to the overall system?  

    sorry for the silly questions.

    my reseller told me that could be an issue, and i wanted clarification here.

  • Martin Dráb Profile Picture
    Martin Dráb 232,672 Most Valuable Professional on 20 Jan 2016 at 12:34:47
    RE: How to prevent IT from seeing payroll

    Yeah, administrators, but administrators of what? Do they really need to have the passwords (regardless of which passwords you mean)?

    If you accept that will have access to everything, then you just gave it up and the discussion is over.

  • Goloknath Profile Picture
    Goloknath on 20 Jan 2016 at 12:29:00
    RE: How to prevent IT from seeing payroll

    They are the administrators.  My AX partner said if they have the passwords, they can then access key data.  

  • Martin Dráb Profile Picture
    Martin Dráb 232,672 Most Valuable Professional on 20 Jan 2016 at 05:25:05
    RE: How to prevent IT from seeing payroll

    You didn't tell us what your "IT stuff" do. They don't need any access to data to maintain servers and perform database backups, for example.

  • Suggested answer
    Prashant Singh Profile Picture
    Prashant Singh 8,797 on 20 Jan 2016 at 04:23:05
    RE: How to prevent IT from seeing payroll

    Dear isaacrose,

    You need create separate role with the help of SDT (Security development toll). Which will allow you to make no access to payroll module to them. Otherwise if they have system admin rights they can see anything available in the system.So hide those forms or module completely. From those users.

    For your reference :

    www.youtube.com/watch

  • Goloknath Profile Picture
    Goloknath on 20 Jan 2016 at 04:08:13
    RE: How to prevent IT from seeing payroll

    IT adminisrative staff can therefore see our payroll if they really want to.  Any advice?  

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

🌸 Community Spring Festival 2025 Challenge 🌸

Quick Links

🌸 Community Spring Festival 2025 Challenge 🌸

WIN Power Platform Community Conference 2025 tickets!

Jonas ”Jones” Melgaard – Community Spotlight

We are honored to recognize Jonas "Jones" Melgaard as our April 2025…

Kudos to the March Top 10 Community Stars!

Thanks for all your good work in the Community!

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 293,659 Super User 2025 Season 1

#2
Martin Dráb Profile Picture

Martin Dráb 232,672 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,158 Moderator

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans