Levels and scope of authorization that you can give representatives of your business

Disclaimer

We do not guarantee the accuracy of this copy of the CRA website.

Scraped Page Content

Levels and scope of authorization that you can give representatives of your business

A business owner (may include a corporate director or officer) or their delegated authority has to identify the information that a representative may access and update. This is established by the level and scope of authorization given.

Levels of authorization

Choose which level of access your representative should have:

Level 1

View information only

Level 2

View and update information

Level 3

Delegated authority, view and update information

Scope of authorization

Decide how much of your business account you want your representative to be authorized for:

Entire business number

Authorized for all program accounts

Specific programs

Authorized for specific programs, such as all RP accounts, all RT accounts, or all RC accounts

Specific program account

Authorized for only one specific program account, for example, RP account 12345 6789 RP0003

Level 3 – Delegated authority, view and update information

As the owner or director of a business, you can authorize a representative to have level 3 delegated authority. This level of authorization is almost the same as yours, allowing delegated authorities to authorize other representatives and make changes to your business accounts. They will always have both offline and online access.

With this level of authorization, a director's approval is not needed to authorize other representatives. If a delegated authority leaves their position, they should authorize another representative to fill their role. This ensures that owners or directors do not need to approve a new delegated authority.

You can only request level 3 delegated authority using a representative identifier (RepID) for Represent a Client. A group identifier (GroupID) or OrgBN can't have level 3 access to a business. For more information, go to Frequently asked questions – How can GroupID help me manage my employees?

Examples of levels and scope of authorization

View examples to find out what a representative can do based on their scope and level of authorization.

Example 1 – Level 3 with access to the entire business number

Mei is the tax manager for Multinational Corp Inc. (MCI). She is responsible for all corporate income tax reporting in Canada. MCI's board of directors want her to have access to view and update online information for all programs. They also want her to have delegated authority to give employees or external accountants access to the company's Canada Revenue Agency (CRA) information.

Mei's level and scope of authorization:

  • Level 3, delegated authority, view and update information (requires a RepID)
  • Delegated access with the ability to view and update information for the entire business number and all program accounts

Example 2 – Level 2 with access to a specific program

The CRA selected Multinational Corp Inc. (MCI) for a corporate income tax audit. MCI has a team of four members who will work with the CRA auditors. The team does not need access to the company's GST/HST account or payroll account information, since that information is not required for an income tax audit.

MCI must give the team access to the corporation income tax (RC) program accounts so it can answer the CRA's audit enquiries and send requested documents as needed. MCI decides to create a GroupID with level 2 authorization to allow the team to send documents to the CRA. All four team members will have to register for a RepID before the group administrator can assign their level of authorization.

The four team members under the GroupID will have the following level and scope of authorization:

  • Level 2, view and update information
  • View and update access for a specific program: all RC accounts

Example 3 – Level 1 with access to a specific program account

Mohammed started working in the payroll department at Multinational Corp Inc. (MCI). The company has two payroll deductions (RP) program accounts: 12345 6789 RP0001 is for executive pay and 12345 6789 RP0002 is for non-executive pay. Mohammed's job is to make sure MCI's payroll remittances are calculated correctly for non-executive pay. Mohammed should be limited to view only access to program account 12345 6789 RP0002.

When Mohammed finds a calculation error in the non-executive pay account, he is unable to fix the error himself. He has to report the error to Chris, his payroll department manager, who has access to fix the error.

Mohammed's level and scope of authorization:

  • Level 1, view information only
  • View access only to a specific program account: 12345 6789 RP0002

Chris' level and scope of authorization:

  • Level 2, view and update information
  • View and update access to a specific program: all RP accounts

Example 4 – Level 1 versus level 2 authorization

Pat works in the accounting department of Multinational Corp Inc. (MCI). Pat makes sure MCI's payments are credited to the right program accounts. This includes checking monthly remittances for GST/HST, payroll deductions, and corporate tax instalments.

Pat finds an error, but cannot fix it since he only has access to view the information. He has to tell Fatima, the manager of the accounting department. Fatima can fix the error because she has access to update information.

Pat's level and scope of authorization:

  • Level 1, view information only
  • View access to the entire business number and all program accounts

Fatima's level and scope of authorization:

  • Level 2, view and update information
  • View and update access to the entire business number and all program accounts


Page details

Date modified:
2024-10-24