Set user permissions for STP

Overview

You can control what a user can see/do once they had opened the Single Touch Payroll Manager Tool via appropriate configuration of the STP User Profile Internal Company Permissions makeup table linked to the user's User Profile record.

Finalisation Event permissions are set at "Payer" level, so if multiple internal companies have the same ABN and Branch (i.e. same payer), then the permission applied to one internal company in the "payer" group will be used for all other related internal companies.
Pay Event permissions are set a "Internal Company" level but has the ability ensure the system respects a security query applied to the Periods entity of the user's Security Profile.
IMPORTANT: Any user that has access to the Single Touch Payroll Manager Tool will need their Security Profile and User Profile to be configured as instructed in this topic.

Accessing the Single Touch Payroll Manager Tool

Any user that needs to complete any one of the following tasks will require their Security Profile to have "Edit" access to the Single Touch Payroll Manager Tool:

Submit an event
View submission content (i.e. data sent to the ATO)
View messages (e.g. errors) relating to a submission

Please ensure each authorised user has their security profile updated before making the first submission.

STP_Security_Profile

Controlling a user's STP permissions

Without configuring this table, a user will not have access to any submissions for any internal company/payer, even if access to the Single Touch Payroll Manager Tool has been granted in their Security Profile.

To allow any access to submissions for a Payer, a new permission record must be created for at least one of the Internal Companies associated with that Payer.

UserProfileStp

Field	Details
Internal Company Code	Select an internal company that represents the payer a user requires access to.
Can Finalise	This field controls the ability to do the following in the the Single Touch Payroll Manager Tool. Access the Finalisations tab and Payer EOFY Summary tab Create, View and take action Finalisation Events for the payer linked to the selected internal company If you do not want a user to access finalisations for any payer, please ensure this field is set to "No" for ALL STP User Profile Internal Company Permissions applied to this user.
Access level	This field controls what access a user has to Pay Event submissions and for which pay periods associated with the selected Internal Company. The options are: None - Pay submissions for any pay period linked to this internal company are not visible. Unrestricted - Pay submissions for any pay period linked to this internal company are visible. Restricted - The visibility of Pay submissions for this company is determined by the Security Query applied to the Pay Period on the user's Security Profile. For the pay periods an employee has access to, they will be able to view submission details and messages as well as send/resend/cancel related pay event submissions. Note: Using the "Restricted" option is recommended for all users that have a Security Query applied to the Pay Period entity on the user's Security Profile Example: You have your executive and salary/wage employees on separate pay periods but the pay periods have the same internal company. And, you don't want the person who manages processing/closing of pays for the salary/wage employees to access the executive employees. Recommended setup: Can Finalise = No, Access Level = Restricted.

Verify Environment Readiness

Overview

Once you have completed the following tasks you can check the state of your environment by running the an STP environment verification Power Shell script.

MYOB SLL Certificate is installed
Secure Outbound Port is open
HR.ini file has been updated
PayGlobal.Business.Net.dll.config file includes the correct Host and Thumbprint

What does the Power Shell script do?

The script verifies that the host environment and critical PG configuration are already for the PayGlobal application to communicate with the MYOB SBR service for online tax reporting.

The script verifies the following:

Network connectivity over the standard secure port
The secure connection to MYOB SBR service
A valid and current certificate is correctly installed
The Crypto Protocols supported and enabled by the operating system
The company is enabled for online tax reporting
The application configuration for the related version

Where do I find the Power Shell script?

Go to the STP_Readiness_Check.zip file - this zip is included as part of your PayGlobal installation package.

Inside the zip is file called verify_stp.ps1 you need to extract this file and all other files in this zip file into the same directory as your PayGlobal Application.

IMPORTANT: Read the Readme.txt file before continuing.