This part of GOV.UK is being rebuilt – find out what beta means

HMRC internal manual

COTAX Manual

Background: Allocation of COTAX and CT Online user roles: Role Authoriser duties

Authorising requests

As the Role Authoriser, you are responsible for authorising (Word 465KB) applications through the Service Request System (SRS) for a COTAX or CT Online Services role.

SRS sends you an automatically generated email to tell you there is a new user role request.

You must only authorise requests for COTAX and CT Online Services roles where:

  • the request relates to an MUID for which you are responsible
  • you are satisfied that the member of staff needs the role to perform their current allocated duties and those duties are appropriate to their grade.

You cannot refine a user role to prevent access to any specific functions within that role. If you authorise a request for a role, that user will have access to all of the functions relating to the role. See COM250 for details of the functions within each user role.

Certain roles cannot be allocated with other roles. For example, the same user cannot have both Clerical Caseworker and Technical Caseworker. See COM253 for details.

You must record the allocation of the authorised user role or roles in the Authorised User Registered File. See COM31040 for details.

As Role Authoriser you must not use SRS to request and then authorise a COTAX role or a CT Online Services role for your MUID for any member of staff you manage. If you have staff that require access to COTAX and CT Online Services, you may need to appoint a delegate in SRS to request roles on your behalf if you do not have a deputy Role Authoriser to authorise your request for you.

You are responsible to the senior responsible officer for ensuring:

  • the effective and proper use of COTAX and CT Online services for your MUID
  • the maintenance of appropriate levels of security for your MUID.

See COM31050 for more information.

Top of page

Reviewing user roles

The OE CT Live service team SRS Administrators will undertake periodic reviews of specific COTAX user roles.  This activity is to satisfy the audit requirements to ensure the following:

  • the Role authorisers are following correct procedure
  • staff only have the roles allocated to their profile that they need to do their current job at their current grade
  • staff have access to the appropriate MUID along with the required access level
  • any users who have changed role within the department but may have retained their previous CT system access are reviewed.

The reviews will be targeted to particular COTAX roles, business areas, MUIDs and grades. Users identified as either posing a possible risk or holding a potentially inappropriate role or restricted MUID will be challenged and may have the role removed if their current duties no longer support the level of system access held.

Top of page