A business owner (which in this context refers to a corporate director or officer) or their delegated authority has to identify the online information that a representative may access and update.

Authorization levels

• Level 1 – View online information
• Level 2 – View and update online information
• Level 3 – View and update online information, and delegate authority

The list of services that a representative can provide online depends on the level of authorization that the related business has consented to.

A business owner decides which of their Canada Revenue Agency (CRA) program accounts their representative will be able to access online. It may be appropriate to give a representative an unrestricted scope of authorization, or to limit access to information specific to a particular program, such as payroll deductions, or to further restrict access to a specific account within a program, as distinguished by its 15-digit business number.

Business owners and their delegated authority are responsible for:

• monitoring and understanding the transactions of representatives
• making sure the information about representatives is up to date
• reviewing the CRA’s list of services, and making sure that representatives should still be authorized
• cancelling the authorization for representatives who no longer need access to online information

In authorizing employees, business owners can create groups using GroupID, in order to simplify the authorization process.

The following examples show how the scope of authorization and the authorization level affect what a representative can access and what the representative can do online.

Example 1 – Level 3 access, wide scope of authorization

Christine is the tax manager for Multinational Corp Inc. (MCI). She is responsible for all corporate income tax reporting in Canada. MCI’s board of directors has determined that Christine should have access to all online information for all programs; that she should be able to view and update all online information; and that she should be given the delegated authority to authorize other employees for Level 3 online access to information.

Example 2 – Level 2 access and moderate scope of authorization

Multinational Corp Inc (MCI) has been selected for an income tax audit by the CRA. MCI has a team of four people who will work with the CRA auditors during the audit. MCI has authorized the team to answer the CRA’s audit enquiries and to provide requested documents as needed. The team has no need to access information about GST/HST or payroll, because that information is not related to the income tax audit. Since the team will be sending documents to the CRA, MCI has determined that Level 2 access is appropriate for all RC (corporate income tax) program accounts.

Example 3 – Level 1 access and limited scope of authorization

Jason has just started working for Multinational Corp Inc (MCI) in their payroll department. One of his duties is to make sure that MCI’s payroll remittances for non-executive pay are properly calculated. When he determines there has been an error or miscalculation in a previous period, Jason advises Chris, the payroll department manager. MCI has two payroll accounts: 12345 6789 RP0001 is the account used for executive pay; and 12345 6789 RP0002 is used for non-executive pay. As a result, Jason’s online authorization has been limited to view only access to program account 12345 6789 RP0002.

Example 4 – Level 1 versus Level 2 access

Pat works in the accounting department of Multinational Corp Inc (MCI). One of Pat’s duties is to confirm that the CRA has properly credited MCI’s payments to the appropriate program accounts, including their monthly remittances for GST/HST, payroll deductions and corporate tax instalments. When Pat identifies an error, he advises Jody, the manager of the accounting department, who is responsible for correcting the error. MCI has given Pat Level 1 authorization for all program accounts, and Jody has Level 2 authorization for all program accounts.