To use our Online Services for DSPs, each person in your business who requires access will need their own unique AUSkey
There are two types of AUSkeys:
- administrator AUSkey
- standard AUSkey.
If you're the first person in your business to register for an AUSkey, you'll automatically receive an administrator AUSkey, allowing you to manage all AUSkeys linked to the ABN.
With your administrator AUSkey, you can use the standalone tool Access Manager to manage access and permissions to this service for your staff (who will need to be registered with a standard AUSkey).
Within Access Manager, permissions and restrictions may be set for each AUSkey holder. For example if you wish for a person to be able to view Activity Statements online but not view the Payroll event form data then you would need to make sure the Activity Statements View permission box is checked and the Payroll event form permission box is unchecked. Further information on Access Manager Permissions can be found at Access Manager permissions for ATO and ABR online services.
Online services for DSPs do not have specific restrictions in Access Manager. Both an administrator AUSkey and standard AUSkey allow access to the service. Within the service there are certain requests that contain private information, a user can choose whether or not to share this with other AUSkey holders (eg Operational Framework). This is done by changing the request from Public to Private at the time of submitting. If they leave the submission as public, all AUSkey holders will be able to view the submission, alternatively changing to private will only allow the person creating the submission to view. If the request has no public/private option then the information will be accessible by all AUSkey holders.
Once registered, a Standard AUSkey user will have certain permissions granted to them by default. These permissions are ones that require no relationship permissions to lodge on behalf of the business. These will need to be removed in Access Manager if you do not wish for them to have that functionality. Currently the default permissions for a standard AUSkey are:
|Common Reporting Standard (CRS) Statement||Prepare|
|Common Reporting Standard (CRS) Statement||Lodge|
|Country by country report||Prepare|
|Country by country report||Lodge|
|Foreign account tax compliance act (FATCA) data||Prepare|
|Foreign account tax compliance act (FATCA) data||Lodge|
|PAYG payment summary||Prepare|
|PAYG payment summary||Lodge|
|Taxable payments annual report||Prepare|
|Taxable payments annual report||Lodge|
|Transfer of shares and units||Prepare|
|Transfer of shares and units||Lodge|
You should be aware, to remove these accesses or even add accesses to a new standard AUSkey, the standard AUSkey holder will need to log in and log out at least once before an Administrator can add or remove accesses to functionality. Access Manager does not know standard AUSkey exists until it has logged in for the first time, and therefore is unable to set permissions until that event occurs.
The standard AUSkey will also have access to the Business Portal and other services using the AUSkey credential, however will not be able to view information they do not have permission for. For example, if the standard AUSkey does not have permission to view a Company Tax Return it will not be able to. It is recommended Administrator AUSkey users periodically check Access Manager permissions to ensure Standard AUSkey users have the appropriate level of access.
You should also be aware the ATO is not the only organisation using the AUSkey credential. Other SBR enabled organisations such as ASIC and State Revenue Offices also use AUSkey. AUSkey permissions for other Government agencies are not controlled by Access Manager or the ATO. The ATO does not have control over the permissions allowed by default by these departments.