How to Configure HR21 Security During Payroll Processing

Use HR21 Security to Avoid Locking Out Users

Configuring HR21 security to enable access during a payrun has long been a challenge for many organisations. It’s been so topical that I recently wrote a blog about it – Locking HR21 Users During Payroll Processing – is it Necessary?

In fact you can do this very easily! Most functions in HR21 can still be accessed by employees even when you are running a pay. There are just a few areas of concern that you will want to make secure. In particular leave approvals which will create Leave Taken (LVE) records and bank details updates.

To secure these, go to the Privileges (ATT) form and enter the profile name you use for your HR21 security. Then search for the form ID of the page in HR21 that you want to secure. For instance, to stop leave approvals select the LAP record on ATT. Once you have brought up the LAP record on ATT, change the Access Level for the General field to 4.

HR21 security

Access for Self stays at 1. This means that employees will still be able to request leave while the payroll is being done. The General access field controls what managers can access. So this is set to 4 (enquiry) and manager’s will be unable to approve leave because the approvals radio button will be read only and unable to be clicked. The Update link will also be greyed and won’t be able to be clicked. When the payroll is finished, just change that field back to the original setting. Manager access is restored and they will once again be able to approve leave.

For any non-workflow forms that you want to secure you will need to change the Access for Self field. This will stop employees from changing their own records. For instance, to stop bank details from being changed during payroll processing, select the PYD record on ATT and change the Access for Self field to 4. Change this back to the original setting when you have completed the payrun.

You will need access to Chris21 security to perform this function. If you can’t get full security access you can either ask the administrator to do this for you each pay or you could ask for a ‘cut down’ level of access. Your administrator should be able to configure your access so that you can only change specific records on ATT.