Live Webinar Utility Billing Stabilization for Tyler MUNIS - Thu, Jun 11, 12:30 PM ET
Reserve your seat
Kreative Core Technologies logo with slogan
Contact Us
Kreative Core Technologies logo with slogan

Why HR/Payroll Role Security Breaks After Go-Live in Tyler MUNIS — and What to Do About It

By /

ERP Operations

Martie Kaeding

Martie Kaeding
HCM Functional Advisor · KCT · May 2026

Most Tyler MUNIS implementations end at go-live. The system is live, the training is done, the implementation team has transitioned to Tyler Support, and leadership breathes a quiet sigh of relief.

Six months later, something is wrong. HR is spending hours on manual reconciliation. Supervisors can’t see their approvals in Hub. Personnel Actions are stalling in queues that belong to employees who left the organization months ago. And somewhere, a payroll clerk has access to pay rate tables, employee SSNs, and the full deduction code library — because nobody changed anything since the original role template was applied.

The problem is not Tyler. The problem is that role-based access control (RBAC) in Tyler MUNIS is a living configuration — and most cities stopped treating it that way on the day the system went live.

What RBAC Actually Controls

In Tyler MUNIS, HR/Payroll security is not a single setting. It operates across five layers, and all five have to be correctly configured for the system to work as intended.

Roles
Controls which menus and programs a user can access. The effective permission set is the union of every role assigned to that user. If any role grants Full access, that access overrides everything else.
User Attributes
Controls workflow delivery, email routing, HR number, department code, and ESS Mobile credentials. If these fields are blank or wrong, Hub and ESS silently refuse to work — no error message, no explanation.
Data Access
Controls what records a user can view, modify, or export. This is where sensitive information like pay rates, SSNs, and benefit elections is either protected or exposed.
Promote/Demote
Determines whether a user is designated as a workflow approver. Transfers or departures without a Demote create dead-end approval queues.
Workflow Business Rules
Defines how Personnel Actions, timesheets, and other transactions route for approval. Break any link in the layers above and these rules fail silently.

“New hires inherit the last person’s access. Workflow routing points to people who left. Hub and ESS don’t work. The workbooks say it’s all set up — the system says otherwise.”

The Gap Tyler Doesn’t Fill

Tyler Technologies provides a solid foundation: Security Role Matrix workbooks, Workflow Business Rules templates, PACE training days, Community access, and post-go-live Support.

What Tyler does not provide — and never claimed to — is ongoing RBAC remediation. After go-live, there is no one auditing whether new hires received position-appropriate roles or inherited the last person’s access. No one is reconciling terminated employees against active role assignments. No one is retiring the 40+ inactive action/reason codes still cluttering every HR dropdown.

That work falls on the city. And for most cities, it never gets scheduled.

What the Audit Numbers Show

128
Users with at least one segregation-of-duties conflict

32
Average days to deactivate a terminated employee’s access

14
Users with Payroll Superuser access (only 2 were needed)

These aren’t anomalies. They’re what happens when a well-implemented system is never maintained. Payroll clerks with excess access create audit exposure. Stale workflow routing slows down HR. Inactive codes cause processing errors that generate W-2 corrections and FLSA review. And Hub and Manager Self-Service — the tools that were supposed to reduce HR’s burden — never get adopted because the underlying configuration was never finished.

What a Structured Audit Covers

A structured RBAC audit for Tyler MUNIS HR/Payroll touches six areas:

  1. Role inventory by position — which roles are assigned to each HR/Payroll position, and whether they reflect the actual job function
  2. Permission conflict mapping — where roles overlap, where access exceeds the position, and where segregation-of-duties risks exist
  3. User Attributes audit — missing HR numbers, empty email fields, wrong department codes, and stale Promote/Demote flags
  4. Code relevancy review — active vs. inactive action/reason codes, pay codes, and deduction codes that still appear in every dropdown
  5. Workflow routing map — which Personnel Actions route where, and which business rules are stale, broken, or pointing at terminated approvers
  6. Remediation priorities — what to fix first based on risk, operational impact, and effort

The audit doesn’t require a large project. Most teams can complete the first pass in days using a structured workbook. The discovery process, however, often surfaces remediation complexity that requires support.

The Standard You Should Be Holding

A well-maintained Tyler MUNIS HR/Payroll RBAC environment has consistent characteristics:

  • Every position has a defined, minimal role set that doesn’t exceed job function
  • New hires are assigned roles by position, not by copying their predecessor
  • Transfers and promotions trigger role reviews, not role additions
  • Terminations are communicated to IT within one business day
  • At least one person outside of IT owns the business justification for each role
  • IT and HR review access together at least quarterly

This isn’t an advanced governance posture. It’s the baseline that the system was designed to operate on.

Get the Recording and Workbook

The RBAC Done Right session has concluded. The recording and RBAC self-check workbook are available on the session resource page.


Access the Recording and Workbook

Or talk to KCT about applying the RBAC audit framework to your environment.

Related Sessions


Scroll to Top