Show download pdf controls
  • Manage permissions

    Assigning and managing permissions for staff is one of the main functions of Access Manager. It enables businesses to manage which ATO online services and functions their staff can access.

    Administrators

    Administrators (Authorisation administrator or principal authorities) have full access to ATO online services such as Online services for agents and the Business Portal. They also have the ability to set Authorised user permissions in Access Manager.

    Once you assign permissions to Authorised users, anything they do within our online services is legally binding to your business.

    Authorised users

    Authorised users can have Full or Custom access. An Authorised user with Custom access has very limited access to our online services by default. To gain authorisation to access more services, they must be assigned specific permissions in Access Manager by an Administrator or an Access Administrator.

    Authorised users cannot log in to Access Manager unless they are made an Access Administrator.

    New Authorised users must log in for the first time to an online service before an Administrator can see their account in Access Manager.

    Access Administrators

    An Access Administrator is an Authorised user who has been delegated authority by the Administrator to manage the permissions of other Authorised users and perform other functions in Access Manager. Only an Administrator can authorise an Authorised user to become an Access Administrator.

    An Access Administrator can log in to Access Manager to modify the access and permissions for other Authorised users in the business.

    An Authorised user who is an Access Administrator cannot appoint other users as Access Administrators or modify their own access.

    Machine Credential Administrator

    A machine credential administrator (MCA) is a user who can create and manage machine credentials to interact with government online services through business software.

    A MCA authority is assigned by a principal authority or authorisation administrator.

    Once the machine credential is created, the principal authority or MCA will be responsible for the use of it in the business.

    See also:

    Authorised basic users

    A Basic user is a user who cannot achieve standard identity strength and has been delegated authority by a principal authority or authorisation administrator in RAM. As a Basic authorised user you cannot log in to Access Manager or the Australian Business Register.

    You can use our online services for activities such as lodging activity statements PAYG payment summaries and accessing the Small Business Super Clearing House (SBSCH).For security purposes restrictions will apply and you can't link a business or authorise others in RAM.

    See also:

    Permissions

    Access Manager permissions for ATO and ABR online services provides a full list of permissions and which online service they provide access to.

    Assign access and permissions

    For Administrators to assign permissions to Authorised users:

    • log in to Access Manager or RAM – from RAM select View or Modify
    • select Manage permissions
    • select the user. If the user isn't listed, they need to log in to our online service (such as the Business Portal). This creates a profile and the user will display in the table
    • select the relevant permissions or Select all and Clear all buttons above the list
    • select Save.

    Copy permissions

    Avoid copying permissions from an Authorised user with Full access as this may cause an error.

    To copy the permissions from one user to another:

    • select Manage permissions
    • select Copy permissions
    • select the user from the drop-down menu that you want to copy the permissions for
    • select the user that you want to copy the permissions to. You can select one user or multiple users
    • select Save.

    Manage access administrators

    To manage access administrators:

    • select Manage permissions
    • select the user
    • to modify access (add or remove access) from an Access administrator, select the No or Yes button. If Yes is selected, the user will have the authority to log in to Access Manager and update permissions for other Authorised users
    • select Save.

    Disabling users

    To disable access:

    • to change the status of the account, select the Active or Disabled button. If Disabled is selected, the user will not be able to log in to Access Manager or any of our online services. A disabled account can be reactivated by selecting the Active button
    • select Save.

    Removing users

    To remove access:

    • select Manage permissions
    • select the user then select Remove account. If removed, the user will not be able to log in to Access Manager or our online services. A removed account can be restored and made active
    • select Confirm.

    Restoring users

    To restore access:    

    • select Manage permissions
    • select Past credential holders history
    • select Restore for the relevant user
    • select Confirm
    • select the restored user in the table page
    • select Active against the Account status
    • select Save.

    To view information about when a user was removed or restored:    

    • select Manage permissions
    • select Past credential holders history
    • select the user
    • select Close.
      Last modified: 30 Mar 2020QC 40983