Data Standards Body | CX Guidelines


In the spirit of reconciliation, the Data Standards Body acknowledges the Traditional Custodians of country throughout Australia and their connections to land, sea and community. We pay our respect to their Elders past and present and extend that respect to all Aboriginal and Torres Strait Islander peoples.


Secondary Users

These guidelines provide examples for how account holders may change the sharing rights for other account users.

Overview

In accordance with CDR Rule 1.13(1)(e),

(1) A data holder must provide: (e) in relation to each account in relation to which a person has account privileges―a service that can be used by the account holder to: (i) make a secondary user instruction; and (ii) withdraw the instruction.
Consent Management is the final stage of The Consent Model. This is a high-level example of the relationship between Consent Management and Account permissions.

The guidelines in this section provide examples for how account holders may change the sharing rights for other account users.

Wireframes and guidelines


Note: The wireframes shown are examples of how to implement key rules, standards, and guidelines. Use the on-screen functions to adjust zoom level or expand the wireframes to be viewed at full screen.

Remove secondary user instruction

The following wireframes show a basic example of withdrawing a secondary user instruction. The process is made up of the following steps:

  • Identifying the account with a secondary user instruction
  • Reviewing the consequences of withdrawal
  • Confirming the withdrawal
  • Receiving a confirmation of withdrawal
Key requirements and guidelines

| Wireframe ref | Type | Requirement level | Statement | Reference | Checklist ref | Focus area |
| --- | --- | --- | --- | --- | --- | --- |
| 01 | CDR Rule | MUST | (5) If the CDR consumer is a secondary user for an account, the data holder must also provide the account holder with an online service that: (d) is simple and straightforward to use, and is no more complicated to use than the processes for giving the authorisation or instruction; | CDR Rule 1.15(5)(d) | 5CM4.01.01 | 01. Remove secondary user instruction |
| 02 | CDR Rule | MUST | (1) A data holder must provide: (e) in relation to each account in relation to which a person has account privileges―a service that can be used by the account holder to: (ii) withdraw the instruction. Note 4: To avoid doubt, a service may be offered in an online form even if this subrule does not require it to be an online service. | CDR Rule 1.13(1)(e)(ii), (Note 4) | 5CM4.01.02 | 01. Remove secondary user instruction |
| 03 | CDR Rule | MUST | (5) If the CDR consumer is a secondary user for an account, the data holder must also provide the account holder with an online service that: (b) allows the account holder, at any time, to withdraw the secondary user instruction; | CDR Rule 1.15(5)(b) | 5CM4.01.03 | 01. Remove secondary user instruction |
| 04 | CDR Rule | MUST | (5) If the CDR consumer is a secondary user for an account, the data holder must also provide the account holder with an online service that: (c) as part of the process of withdrawing a secondary user instruction, displays a message, in accordance with the data standards, about the consequences of proceeding with withdrawing a secondary user instruction; | CDR Rule 1.15(5)(c) | 5CM4.01.04 | 01. Remove secondary user instruction |
| 05 | CX Standard | MUST | As part of the secondary user instruction withdrawal process, data holders MUST advise the consumer: 1. That removing a secondary user instruction will stop all current and future data sharing for the secondary user(s) 2. To review the consequences of withdrawal with the secondary user(s) before removing the secondary user instruction. Note: The exact phrasing of this message is at the discretion of the data holder. | Withdrawal Standards, Withdrawal: Secondary User Instruction | 5CM4.01.05 | 01. Remove secondary user instruction |
| 06 | CX Guideline | MAY | Consumers may have various account permissions to manage, such as joint account disclosure option management, nominated representative services, and secondary user instructions. To facilitate consumer control and consent management, data holders should provide these services in intuitive and centralised locations in relation to their consumer dashboard. | | 5CM4.01.06 | 01. Remove secondary user instruction |
| 07 | CX Guideline | MAY | If scrolling is required to view the total number of accounts, data holders should also allow consumers to search and filter their accounts. For example: A consumer may want to filter account types or data sharing preferences. | 10 Usability Heuristics for User Interface Design: Flexibility and efficiency of use (Nielsen) | 5CM4.01.07 | 01. Remove secondary user instruction |
| 08 | CX Guideline | MAY | Data holders may provide optional functionality that allows a consumer to see which authorisations are associated with the account. | | 5CM4.01.08 | 01. Remove secondary user instruction |
| 09 | CX Guideline | MAY | Data holders should introduce positive friction to the withdrawal flow to mitigate user error and unintended consequences. Data holders may choose to do this via a 2-step authorisation withdrawal process. | CX Research 32; 10 Usability Heuristics for User Interface Design: Error prevention (Nielsen) | 5CM4.01.09 | 01. Remove secondary user instruction |
| 10 | CX Guideline | MAY | Data holders should notify the impacted secondary user(s) when their secondary user instruction is withdrawn. If a data holder does implement this functionality, the account owner withdrawing the instruction should be alerted to the fact that the secondary user(s) will be notified when the instruction is withdrawn. | | 5CM4.01.10 | 01. Remove secondary user instruction |
| 11 | CX Guideline | MAY | Data holders should provide instructions on how to review and manage account permissions as part of the withdrawal process. | | 5CM4.01.11 | 01. Remove secondary user instruction |
| 12 | CX Guideline | MAY | Data holders should provide a message to consumers that withdrawal was successful. This message should be clearly visible on the dashboard and shown as soon as withdrawal has taken place. | 10 Usability Heuristics for User Interface Design: Visibility of system status (Nielsen) | 5CM4.01.12 | 01. Remove secondary user instruction |
| 13 | CX Guideline | MAY | Data holders should provide support pathways at appropriate points throughout the consent model. These may include before and after key decision points, such as confirming or withdrawing a sharing arrangement or permission. | | 5CM4.01.13 | 01. Remove secondary user instruction |
| 14 | CX Guideline | MAY | Data holders can refer to accounts using recognised nicknames, icons, account numbers, and account type. They can also include information on other elements the account may refer to such as any related plans, services, properties, numbers, and products. | | 5CM4.01.14 | 01. Remove secondary user instruction |
| 15 | CDR Rule | MUST | (5) If the CDR consumer is a secondary user for an account, the data holder must also provide the account holder with an online service that: (e) is prominently displayed and readily accessible to the account holder. | CDR Rule 1.15(5)(e) | 5CM4.01.15 | 01. Remove secondary user instruction |

See prototype

Note: Some interactions and screens have been omitted for simplicity.

Download open source asset

Open source design assets have been created in Figma for the purposes of assisting implementation. This Figma file contains annotated wireframes and working prototypes for removing a secondary user instruction.

Download design asset

| Item | File | Date released | Version introduced |
| --- | --- | --- | --- |
| 5CM4. Secondary Users v1.33.0.2025.02.26 | 5CM4. Secondary Users v1.33.0.2025.02.26.fig | Feb 26, 2025 | 1.33.0 |

For past versions, refer to Change log.

About open source assets

Open source design assets are provided in the form of version-controlled Figma files. These assets contain the annotated wireframe and working prototype published on this page, and have been reviewed for accessibility compliance. Assets are partially conformant to Web Content Accessibility Guidelines (WCAG) 2.1 level AA. These assets do not attend to accessible code and instead focus on visual presentation and readability.

The assets use the GOLD Design System; component rationale, accessibility support, and code documentation are available on the GOLD Design System website.

For more details, see Open Source Assets.

About this page

References

The artefacts on this page were informed by the following sources.

| Title | Author | Date published | URL | Type |
| --- | --- | --- | --- | --- |
| Consumer Data Right Rules: consent and operational enhancement amendments consultation | The Treasury | Aug 9, 2024 | treasury.gov.au | Consultations |
| Decision Proposal 160: CX Standards, Non-individuals, Partnerships, Secondary users (see concept 2 Removing secondary user instruction) | Data Standards Body (DSB) | Feb 9, 2021 | github.com | Consultations |
| Phase 2, Stream 2 Research Report | Greater than X | Jul 31, 2019 | cx.dsb.gov.au | Research |
| 10 Usability Heuristics for User Interface Design (Visibility of system status) | Nielsen Norman Group (NNG) | Apr 24, 1994 | nngroup.com | Other |
| 10 Usability Heuristics for User Interface Design (Error prevention) | Nielsen Norman Group (NNG) | Apr 24, 1994 | nngroup.com | Other |
| 10 Usability Heuristics for User Interface Design (Flexibility and efficiency of use) | Nielsen Norman Group (NNG) | Apr 24, 1994 | nngroup.com | Other |

Last updated

This page was updated Feb 26, 2025

Have your say

Community consultations and maintenance are part of our ongoing process. Here’s how you can get involved:

  • Request new Guidelines or changes to existing Guidelines through the CX Guidelines Consultation process
  • Request new Standards or changes to existing Standards through the Standards Maintenance process
  • Log a ticket for any questions about the rules, standards, or guidelines through the CDR Support Portal
  • Email your feedback to cx@dsb.gov.au

The Consumer Data Standards Program is part of Treasury. Copyright © Commonwealth of Australia 2023. The information provided on this website is licensed for re-distribution and re-use in accordance with Creative Commons Attribution 4.0 International (CC-BY 4.0) Licence.