Show download pdf controls
  • Manage permissions

    Assigning and managing permissions for staff is one of the main functions of Access Manager. It enables businesses to manage which ATO online services and functions their staff can access.

    Administrators

    Principal authorities have full access to ATO online services such as Online services for agents and the Business Portal. In addition, a user can be granted an 'authorisation administrator' permission in RAM, this enables them to authorise others on behalf of the business. They also have the ability to set Authorised user permissions in Access Manager.

    Once you assign permissions to Authorised users, anything they do within our online services is legally binding to your business.

    Authorised users

    Authorised users can have Full or Custom access. An Authorised user with Custom access has very limited access to our online services by default. To gain authorisation to access more services, they must be assigned specific permissions in Access Manager by an authorisation administrator.

    Authorised users cannot log in to Access Manager unless they are made an authorisation administrator.

    New Authorised users must log in for the first time to an online service before an Administrator can see their account in Access Manager.

    Authorisation administrators

    An authorisation administrator has been delegated authority by the principal authority or another authorisation administrator to manage the permissions of other authorised users and perform other functions in Access Manager. Only a principal authority or authorisation administrator can authorise a user to become an authorisation administrator.

    An authorisation administrator can log in to Access Manager to modify the access and permissions for other Authorised users for the business.

    An authorisation administrator cannot modify their own permissions.

    Machine credential administrator

    A machine credential administrator (MCA) is a user who can create and manage machine credentials to interact with government online services through business software.

    A MCA authority is assigned by a principal authority or authorisation administrator.

    Once the machine credential is created, the principal authority or MCA will be responsible for the use of it in the business.

    See also:

    Authorised basic users

    A Basic user is a user who cannot achieve standard identity strength and has been delegated authority by a principal authority or authorisation administrator in RAM. As a Basic authorised user you cannot log in to Access Manager or the Australian Business Register (ABR).

    You can use our online services for activities such as lodging activity statements PAYG payment summaries and accessing the Small Business Super Clearing House (SBSCH). For security purposes restrictions will apply and you can't link a business or authorise others in RAM.

    See also:

    Permissions

    Access Manager permissions for ATO and ABR online services provides a full list of permissions and which online service they provide access to.

    Assign access and permissions

    For Administrators to assign permissions to Authorised users:

    • log in to Access Manager or RAM – from RAM select View or Modify
    • select Manage permissions
    • select the user. If the user isn't listed, they need to log in to our online service (such as the Business Portal). This creates a profile and the user will display in the table
    • select the relevant permissions or Select all and Clear all buttons above the list
    • select Save.

    Copy permissions

    Avoid copying permissions from an Authorised user with Full access as this may cause an error.

    To copy the permissions from one user to another:

    • select Manage permissions
    • select Copy permissions
    • select the user from the drop-down menu that you want to copy the permissions for
    • select the user that you want to copy the permissions to. You can select one user or multiple users
    • select Save.

    Disabling users

    To disable access:

    • to change the status of the account, select the Active or Disabled button. If Disabled is selected, the user will not be able to log in to Access Manager or any of our online services. A disabled account can be reactivated by selecting the Active button
    • select Save.

    Removing users

    To remove access:

    • select Manage permissions
    • select the user then select Remove account. If removed, the user will not be able to log in to Access Manager or our online services. A removed account can be restored and made active
    • select Confirm.

    Restoring users

    To restore access:

    • select Manage permissions
    • select Past credential holders history
    • select Restore for the relevant user
    • select Confirm
    • select the restored user in the table page
    • select Active against the Account status
    • select Save.

    To view information about when a user was removed or restored:

    • select Manage permissions
    • select Past credential holders history
    • select the user
    • select Close.

    User history reports

    You can use the user history reports to show when authorisation was given to a person, and the details of each login to our online services.

    Access history report

    The Access history report includes the date and time the user logged in to an online service. You can view one or all authorised user's access. For registered agents, the report also lists the clients who have been accessed.

    To view the Access history report:

    • select Manage permissions
    • select either
      • the user (for one user) then Access history report
      • Access history report – all users (for all users)
       
    • type the date and time range then select Search
    • select Export to download the report as a CSV file.

    Update history report

    The Update history report shows when an authorisation was created. This report can only display information for a single user.

    To view the Update history report:

    • select Manage permissions
    • select the user
    • select Update history report
    • type the date and time range then select Search
    • select Export to download the report as a CSV file.
      Last modified: 22 Jun 2020QC 40983