Payroll - Options for File Access and Application Security
The payroll application can be one of the most sensitive applications within the Datafile system with heavily restricted access requirements. In considering access rights you will need to consider not just the menu applications within Datafile but also other files such as HMRC communication files.
Menu Options - The Payroll application is typically one of the options on the main menu. As part of the menu design options within the CONFIG user-sign on you can set password and authority level settings against the Payroll option to restrict access.
Datafile Premier users can configure individual users to have their own menu and can restrict the appearance of the Payroll menu option to nominated user(s).
Each user has an assigned authority level. Levels run from ‘0’ for the highest user level to ‘9’ for the lowest. Which options each authority level has access to is configurable through the menu design and the Security and User Manager options.
Security and User Manager – whilst a user may have access to the Payroll application on the menu you can further restrict options within Payroll if required.
Ledger Enquiry Manager – Employee enquiry options can be available via the Ledger Enquiry.You can remove access to the Ledger Enquiry or set an authority level for access via the Applications Allowed function within the Ledger Enquiry manager.
Depending on enquiry screen layouts Diamond and Premier users may wish to allow access to the enquiry but restrict access to the Document reprint functions – Enquiry Configuration options within the Ledger Enquiry manager allow you to set authority levels for the transaction enquiry options.
Location of Databases, Documents and Associated Files
Within the Datafile system the application databases are usually stored within the DATA folder.For Payroll you may wish to consider storing the databases in an alternate location – on a restricted access area on your network for example.
Available within the Installationmenu the Location of Files options allow you the set the file path/name for the payroll application files. If you reference (and move) the payroll files to an alternate location on your network, you can discuss with your hardware support adviser restricting user access to this location.
If set to save payslips or other payroll documents to the employee saved documents file you may wish to set the saved documents folder to this same location. The saved document folder can be defined within the Controls & Audit Manager.
The Ledger Enquiry option for Associated Files saves employee documents to a PRUSER folder within the defined MSWORD INI setting. The PRUSER folder can be set using network policy for restricted access.
As part of the payroll operation options are available to send FPS/EPS real-time information files to the HMRC. In addition, the Data Provisioning Service function will retrieve information from the HMRC. These files are usually stored within the standard Datafile folder structure.
RTI files – RTI files by default are held in the working folder for the system. You can set an alternate path for these files within the Payroll System Profiles within the Installation menu.
DPS Files – the Data Provisioning Service message files are saved in a HMRC folder off the main DATA folder for the system you can discuss with your hardware support adviser restricting user access to this location.
As part of your payroll process you may wish to email employees their payslip. Payslips are created as PDF files and sent as attachments on email. Options exist as part of the Document Design for the payslip to reference a data item, perhaps the employee NI number, as a password for access.
If printing P45 to a PDF form, the document is created in a folder Completed_Forms off the main Datafile folder. After printing you may wish to move or delete these files.Alternatively, you can discuss with your hardware support adviser restricting user access to this location.
If print an employee report or document to the disk spooler then you should set the config options for disk spooling to spool by user-id so spool files are not shared amongst all users.We would also recommend clearing down spool files once printed.
If you print an employee report or document to Microsoft Excel, Microsoft Word, PDF or Email then the file attachment is saved in the report folder for your user-id. These files should be cleared when no longer required or archived to a restricted user access location.
- Release ID: Standard