Best Practices for Setting Payroll Permissions

Learn the best practices for setting payroll permissions with Custom Roles or User-Level Permissions.

The New Era of Payroll Permissions

In the past, only Full Account Admins (FAAs) had access to run payroll. Now, with GoCo’s new payroll permissions, you no longer have to be an FAA to access payroll data. Custom roles and user-level permissions allow you to achieve specific access levels based on the tasks your team members perform, creating checks and balances in your payroll process.

Custom Roles vs. User-Level Permissions: What’s the Difference?

When setting payroll permissions in GoCo, it’s important to understand the distinction between custom roles and user-level permissions to ensure the right people have access to the right data.

  • Custom Roles: These are designed to be assigned to a group of people who need similar access. For example, you might create a custom "Payroll Admin" role that grants payroll access to all individuals within your payroll department. This helps ensure consistency when multiple users require the same permissions.

  • User-Level Permissions: These are more granular and can be assigned to a specific individual. This allows you to fine-tune access for one person based on their unique role or responsibilities.

Understanding Payroll Permission Levels

When configuring permissions in the payroll category, it’s important to understand how the selection you make at a high level impacts the subcategories underneath it.

  • Main Category Permission: If you select "Full Access" at the main category level (i.e., Payroll), the following permissions automatically apply to the subcategories under Payroll:

    • Run Payroll: Prepare, Preview, & Submit
    • Pay stubs: Can View 
    • Payroll Documents: Can View
    • Company Tax Settings: Can Edit
  • Custom Permissions: Selecting "Custom" opens up a dropdown that allows you to select specific permissions for each subcategory. This is where you can fine-tune access.

    This approach provides greater flexibility in controlling access to sensitive data.

Real-World Use Cases

  • Scenario 1: Delegating Payroll Preparation and Submission

    Imagine a situation where User 1 is responsible for preparing payroll, but only User 2 has the authority to submit it. You can now assign user-level permissions that give User 1 the ability to gather payroll data, but only User 2 can finalize and submit the payroll. This separation of tasks ensures that there are checks and balances within the payroll process, adding an extra layer of security.

    • User 1 Settings: responsible for preparing payroll
    • User 2 Settings: authority to finalize and submit payroll
  • Scenario 2: Admin Duties Without Payroll Access Using Custom Roles

    You may have an admin who needs access to employee records, HR reports, and general company data, but should not have any visibility into payroll information. Using custom roles, you can create a "General Admin" role that grants access to all the necessary HR functions, while excluding payroll permissions.

    This ensures that the admin can fulfill their duties without risking exposure to sensitive payroll data, which is only visible to those who need it.

  • Scenario 3: Payroll-Only Role with User-Level Permissions

    In this case, you have a team member who is solely responsible for payroll duties, without needing access to other parts of the system like employee performance or benefits. Here, you can use user-level permissions to create a "Payroll Specialist" role that grants full access to payroll, while restricting access to other areas.

    This type of configuration helps streamline the user's experience, giving them access only to what they need to do their job, while protecting the rest of the system from unnecessary access.

Safeguarding Sensitive Payroll Data

Payroll permissions grant access to sensitive employee data, such as:

  • Earnings and deductions
  • Social Security Numbers (SSN)
  • Direct deposit details

To protect this information, it’s important to limit payroll permissions to users who genuinely need access. These users should also be trained in handling sensitive data, as their permissions provide access to critical personal and financial information.

Regularly Review Permissions: As employees change roles or leave the company, be sure to regularly review and adjust their permissions to prevent unnecessary access to payroll data.
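A periodic review like the one described above can be scripted against a list of who holds which payroll permission. The following is an added example, not GoCo code or a GoCo export format: the `Grant` record layout, the `approved` and `submitters` lists, and the level strings "No Access" and "Prepare" are assumptions made for illustration, while the "Full Access" mapping is the one listed earlier in this article.

```python
# Added example. The record layout and the level strings "No Access" and
# "Prepare" are constructed for illustration; this is not a GoCo export or API.
from dataclasses import dataclass, field

# Subcategory levels that "Full Access" on Payroll applies, per the article.
FULL_ACCESS = {
    "Run Payroll": "Prepare, Preview, & Submit",
    "Pay stubs": "Can View",
    "Payroll Documents": "Can View",
    "Company Tax Settings": "Can Edit",
}

@dataclass
class Grant:
    user: str
    status: str                 # "active" or "terminated" (constructed values)
    payroll: str                # "Full Access", "Custom" or "No Access"
    custom: dict = field(default_factory=dict)  # subcategory -> level, for "Custom"

def effective(grant):
    """Resolve the per-subcategory payroll permissions a grant confers."""
    if grant.payroll == "Custom":
        return {k: v for k, v in grant.custom.items() if k in FULL_ACCESS and v}
    return dict(FULL_ACCESS) if grant.payroll == "Full Access" else {}

def review(grants, approved, submitters):
    """Return (user, finding) pairs for a periodic payroll-access review."""
    findings = []
    for g in grants:
        perms = effective(g)
        if not perms:
            continue  # no payroll visibility, nothing to review
        if g.status != "active":
            findings.append((g.user, "payroll access on a non-active account"))
        if g.user not in approved:
            findings.append((g.user, "payroll access without a recorded need"))
        if "Submit" in perms.get("Run Payroll", "") and g.user not in submitters:
            findings.append((g.user, "can submit payroll but is not a designated submitter"))
    return findings

# Constructed sample data mirroring the article's scenarios.
GRANTS = [
    Grant("user1", "active", "Custom", {"Run Payroll": "Prepare"}),
    Grant("user2", "active", "Full Access"),
    Grant("general_admin", "active", "No Access"),
    Grant("former_specialist", "terminated", "Full Access"),
]
FINDINGS = review(GRANTS, approved={"user1", "user2"}, submitters={"user2"})
```

With this sample, only `former_specialist` is flagged: the account is no longer active, has no recorded need, and still carries the submit capability that comes with "Full Access".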

Configuring Access for Managers

Managers may need access to payroll data for their direct or indirect reports. We recommend configuring team-level access for a manager.


If you have additional questions, please reach out to our support team or your GoCo payroll specialist. 💚