COTAX Manual

COM31031 - Background: Allocation of COTAX and CT Online user roles: Authorising user role requests

Managers must review system accesses and user roles, at least annually, but more regularly for higher risk and limited licence accesses. Remove them from staff when those accesses are no longer required.  

Please see the HMRC Acceptable Use Policy (AUP) (sharepoint.com). Further guidance can be found on the Service Central page, How to view, find add and remove SRS roles for a staff member in SRS. 

A role review should also be carried out when colleagues join, leave, change role or when triggered by a reminder. The current manager should review their member of staff’s roles and remove any as needed, the new manager should also review roles allocated when a staff member moves into their team by: 

SRS > Reports > User Reports > Users and Roles 

Once the roles have been reviewed, any roles no longer required should be removed by: 

SRS > User Management > Add/Remove Services 

Line Managers should ensure there is a delegate who can act on their behalf. 

SRS > Self Service > My Delegates 

You must regularly check that you only have the system access, software accounts and user roles needed for your current role, including mailboxes and Microsoft 365 sites. This means checking at least annually and whenever you change your role, move work area, or leave HMRC. You may also be prompted by SRS to review and remove accesses at various times, and you must carry out these actions promptly. 

Further guidance on how to do this can be found on the Service Central page. Additional information for managers can also be found on the Corporate Line Manager Checks page.  

If you have any questions, please contact the following mailbox: IDAM Review (CDIO).