Roles & permissions
Detailed breakdown of roles, hierarchy levels, and granular permissions.
Three roles with hierarchical access control. Users can only manage team members with lower privilege levels.
Role Comparison
| Capability | Owner | Editor | Auditor |
|---|---|---|---|
| View dashboard | Yes | Yes | No |
| View invoices | Yes | Yes | Yes |
| Create/edit/delete invoices | Yes | Yes | No |
| Export invoices | Yes | Yes | Yes |
| Download attachments | Yes | Yes | Yes |
| Upload attachments | Yes | Yes | No |
| Connect email | Yes | Yes | No |
| Trigger scans | Yes | Yes | No |
| View scan history | Yes | Yes | No |
| View reconciliations | Yes | Yes | Yes |
| Manage reconciliations | Yes | Yes | No |
| Access analytics | Yes | Yes | No |
| Manage settings (Company) | Yes | Yes | No |
| Manage settings (Email) | Yes | Yes | No |
| Manage settings (Categories) | Yes | Yes | No |
| Manage settings (AI Rules) | Yes | Yes | No |
| Manage members | Yes | No | No |
| Manage billing | Yes | No | No |
| Access affiliate program | Yes | Yes | Yes |
| Delete account | Primary owner only | No | No |
Granular Permissions
Owners can grant specific admin capabilities to Editors through granular permissions:
| Permission | Description |
|---|---|
roles.manage | Change team member roles |
billing.manage | View and manage subscription |
settings.manage | Modify account settings |
members.manage | Add and remove team members |
invites.manage | Send and revoke invitations |
Owner
Full access to every feature in the workspace. Best for founders and senior finance managers. Owners control invoices, all settings tabs, billing, and team management.
Editor
Full operational access to the day-to-day workflow. Editors can use the dashboard, manage invoices, run reconciliations, view analytics, and configure workspace settings (Company, Email, Categories, and AI Rules). Editors cannot manage billing or team members unless granted specific granular permissions.
Auditor
Read-only access designed for external reviewers. Auditors can view and export invoices and reconciliations, and access the affiliate program. They cannot see the dashboard, analytics, email connections, settings, or billing.
Safe for external accountants, auditors, and compliance reviewers.
Best Practices
- Start new members as Auditors, promote to Editor when they need operational access
- Reserve Owner for executives and senior finance leaders
- Remove former employees promptly and adjust roles as responsibilities change