Payroll Database Access - Benefits vs Drawbacks

Benefits and drawbacks to one-directional Payroll database access?

Hi All,

Hope all is well with you.

I am investigating the benefits and drawbacks of one-directional queries directly to a company's payroll database.

To elaborate on the above, at present access to the database is held by the Payroll Team and a few individuals in Finance.

To access the database (maintained by the IT department, provided by an external supplier), users utilise the Graphical User Interface (GUI), which achieves the goals; however, it has its limitations when producing regular reports.

It is however possible for a one-directional download of data through querying the database directly which would allow opportunities for improved automated reporting (such as automated Leaver reports or recording aging for GDPR reviews).

From a security perspective, access would be specifically granted to the current trusted users and the queries could only be run by those users. The information output would be largely the same as from the GUI and stored with the same compliance procedures. From a data integrity perspective, both the IT department and the software supplier agree there would be no impact on the system and information only flows downhill (no uploading to the database).

What are your thoughts on the matter? I can see the benefits in improved automated reporting on demand, but have not heard of any instances of this before (though I believe in the general direction towards database models and outputs as an industry trend).

Unsure of the GDPR complications - it's the same database access but through a different method - so I would assume not an issue as long as the current policing of the database is GDPR compliant.

Many thanks,

Coeus.

Replies (3)

By paul.benny
20th Aug 2019 11:24

What’s the problem here? You’re granting some users read-only access to payroll data. As long as the access is appropriately managed, there are no inherent control issues.

It’s more about what data you let users access and how you control that user population.
- How do you manage access to ensure that it is revoked when no longer needed?
- What data do users need to see? For most purposes, it’s probably only the build up to gross pay and on costs such as employer’s NI. Access should be restricted to fields that users actually need.

Thanks (0)
By andyscotland
22nd Aug 2019 15:26

Broadly, I think all systems should allow users raw access to any/all of the data they can access from the GUI. As you say there's no security risk providing that uses the same authentication / authorisation model as the app interface. I actually think systems should expose write operations as well as read (again provided that they're things the user would be allowed to do in the GUI).

However, I would strongly advise against building anything against direct access to the underlying database.

In most cases the supplier won't consider their internal database structure to be a supported part of the product. By accessing it directly, you run the risk of all your custom reports, integrations, etc breaking each time they release a new version and rename / move / change the meaning of particular data fields.

Instead your integrations should work through an API (application programming interface), which provides guarantees about the structure and content of the data.

This would ideally be something produced and officially supported / maintained by the supplier. Failing that, you could produce one internally that reads directly from the database, and then build all your integrations to talk to it. At least that way you only have to deal with database structure changes in one place in the future rather than dotted about all over your organisation.

Thanks (0)
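
The internal reporting layer suggested in the reply above, sketched as an added example that is not part of the original thread or any supplier's code: a read-only connection, one mapping from supplier columns to stable report fields, and a field allowlist. SQLite stands in for the payroll database, and the table, column and function names are hypothetical, as is the sample data.

```python
import sqlite3
from pathlib import Path

# The single place that maps the supplier's (hypothetical) column names to the
# stable field names reports rely on. Bank details and NI numbers are left out
# on purpose, so no report can request them through this layer.
FIELD_MAP = {
    "employee_id": "emp_no",
    "leaving_date": "term_dt",
    "gross_pay": "gross_amt",
    "employer_ni": "er_nic_amt",
}

def build_sample_db(path):
    """Create constructed sample data standing in for the supplier's database."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE emp_master (emp_no, term_dt, gross_amt, "
                "er_nic_amt, bank_acct, ni_number)")
    con.executemany("INSERT INTO emp_master VALUES (?,?,?,?,?,?)", [
        (1, None, 3000.0, 310.5, "SAMPLE-ACCT-1", "SAMPLE-NI-1"),
        (2, "2019-07-31", 2500.0, 241.5, "SAMPLE-ACCT-2", "SAMPLE-NI-2"),
    ])
    con.commit()
    con.close()

def open_read_only(path):
    """Open the database so that this connection cannot write to it."""
    uri = Path(path).resolve().as_uri() + "?mode=ro"
    return sqlite3.connect(uri, uri=True)

def leaver_report(con, fields=("employee_id", "leaving_date", "gross_pay")):
    """Return leavers as dicts keyed by stable names; refuse unlisted fields."""
    unknown = [f for f in fields if f not in FIELD_MAP]
    if unknown:
        raise PermissionError(f"fields not exposed: {unknown}")
    # Column names come only from FIELD_MAP, never from caller-supplied text.
    cols = ", ".join(f"{FIELD_MAP[f]} AS {f}" for f in fields)
    rows = con.execute(f"SELECT {cols} FROM emp_master "
                       "WHERE term_dt IS NOT NULL ORDER BY emp_no")
    return [dict(zip(fields, row)) for row in rows]

if __name__ == "__main__":
    import os, tempfile
    db = os.path.join(tempfile.mkdtemp(), "payroll_sample.db")
    build_sample_db(db)
    print(leaver_report(open_read_only(db)))
```

If the supplier renames a column in a new release, only `FIELD_MAP` changes; in a production database the same restriction would also be enforced server-side with a read-only account limited to the needed columns.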
By PayDashboard
22nd Aug 2019 16:46

Coeus - what data do your users need to access? Depending on the data you require PayDashboard may be able to help - you could upload the data to our interface via API or file upload direct from the payslip data and then access our reporting for your users - but depends on your data requirements.

Feel free to contact [email protected] if you want to discuss further.

Thanks (0)