In QuickBooks Enterprise v21, Intuit released a feature called Data Level Permissions for Platinum and Diamond Subscribers. The feature was designed to provide additional security regarding roles and permissions for users, primarily to limit access to records and transactions.
In September 2020, I wrote about this feature as part of my QuickBooks 2021 New Release Series. It was based on pre-release versions of the products that had been made available during Alpha/Beta product development.
At that time, the functionality was limited to providing more granular access to controlling the ability to view, edit or delete specific customer or vendor data from all users or QuickBooks Enterprise roles.
Near the end of that article, I predicted the feature would continue to be expanded and that it would not be long before it could be used with Employees to provide granularity to employee records and payroll.
Intuit actually released an enhancement to the feature related to Employees in its R4 update in mid-December 2020, but I never really wrote anything more than the release notes.
Recently, someone wrote asking if anything had been done regarding improving Employee/Payroll record restriction in QuickBooks Enterprise. I remembered that Release update, so I thought I'd check the feature out.
I began to explore this feature using Enterprise v22 (rather than v21) and discovered the capability to use Data Level Permissions for Employee data/transaction record security. This includes the ability to control viewing Payroll information that was just as robust as it was for customers/vendors in my original testing and article.
Since the process for setting-up Data Level Permissions related to Employees is the same from a procedural standpoint as that outlined in my September 2020 article (on customers/vendors), I don’t intend to go into the specific steps in this article.
But I want to show you both the New (or Edit) Role for an Employee set-up and the Custom Define record level permissions windows for an Employee set-up—and how they differ from those of either a Customer or Vendor.
So, once you have logged into QuickBooks Enterprise as the Administrator and gone to Company >> Users >> Set up Users and Roles and entered the Admin password so you can set up Users or Roles, select the Role List tab.
When you create a New Role, it must be for Data Level Role-Employees, like the one I am showing in Edit mode (shown below).
Image captured from QuickBooks Enterprise v22
Notice (in the above graphic) that this role must be set up for Employee Center with a Custom Activity Access Level. Click the Define button to access the list of employees or employee groups you wish to set Data Level Permissions for. (Note: Because the above illustration is the Edit view, the Define button has been replaced by an Edit button, but they both do the same thing.)
The wizard will take you through the steps of either selecting employees or creating employee groups, and then selecting those groups so you can configure permissions.
The Role Access window (illustrated below) for the new Data Level Permission has been configured with two employee groups.
In this case, all Regular Employees can only View Employee information; they cannot modify, delete or print it, nor can they view payroll information. But management Employees can view, modify, delete, print and view payroll information. (Note: Payroll-related permissions still control the ability to perform Payroll tasks.)
Image captured from QuickBooks Enterprise v22
The results of these Data Level Permissions essentially are the same as those for customers/vendors. Both access and reporting are limited in the same manner.
Users with the appropriate permissions will have access; those without the proper data-level permissions will not have access.
Is it perfect? No. Is it better than we had before this option came along? Absolutely.
A word (or two) of caution. Don't go jumping in head first with this feature. Before you start using this in your own Company File, I suggest you do the following things:
- First, experiment with these Data Level Permissions in a QuickBooks Sample File that has employees and simulated payroll so you can test alternative configurations of Roles and Permissions.
- Second, use a COPY of your own QuickBooks Company file in a test environment (sandbox) so you can test alternative Role and Permission configurations you feel will work best for your own business.
- Only when you are completely satisfied with a final test configuration should you move forward to implementing the Data Level Permissions you identify will work.
Best of luck.
Like what you're reading?
Subscribe to our FREE newsletter and we'll deliver content like this directly to your inbox.