You can organize your teams and workflows more effectively in Payhawk by using built-in roles and role extensions. Each comes with specific permissions to align with your company’s structure, responsibilities, and internal policies, enabling robust segregation of duties and granular access controls for enhanced security and oversight.
When inviting employees to your Payhawk account, you must assign a specific Payhawk role to each individual.
Payhawk roles are available at the group level only.
Permissions
Permissions refer to the available rights for a Payhawk role or role extension. For example, an employee with the built-in Payhawk Employee role has the permission to view the expenses they’ve submitted, but they won't be able to view all company expenses.
Built-in Payhawk roles
The built-in (default) Payhawk roles:
Come out of the box with a predefined set of permissions that establish the core access levels and responsibilities for these global roles.
Do not allow for modifying their set of permissions.
Built-in Payhawk role | Permissions |
Employee | Cardholders of company-issued Payhawk cards. Can submit and categorize their expenses, and view details related to their cards and subscriptions. |
Accountant | Includes all Payhawk Employee permissions, plus the ability to manage and review expenses, edit extracted data, and export expense information for reporting or accounting. |
Administrator | Includes all Payhawk Accountant permissions, plus full access to issue and deactivate cards, adjust limits, configure spend policies, manage cash withdrawals, invite employees, and handle billing and administrative settings. |
IT Administrator | Includes a limited set of Payhawk Administrator permissions that are focused on system configuration.
The IT Administrator role allows managing the initial setup, security settings, and integrations (for example, viewing, connecting, or disconnecting ERP systems) without access to sensitive areas like account settings, expenses, or financial data. The role is ideal for separating system configuration tasks from financial controls. |
Senior AP Specialist | Includes a limited set of Payhawk Accountant permissions, such as selected administrative settings.
The Senior AP Specialist role separates access to payment data and confirmation rights, offering a middle ground between the full Payhawk Administrator and Payhawk Accountant roles. The role is ideal for employees who need to manage accounting settings. |
Auditor | Includes all Payhawk Administrator permissions, but with read-only access.
The role allows employees to view all settings and data, but not to make changes. The role is ideal for auditors, consultants, or team members who need oversight of system configurations without the ability to modify them. |
Viewing Payhawk roles and permissions
You can view the built-in Payhawk roles from Group Dashboard > Settings > Roles and permissions.
The full list of permissions enabled for a role can be viewed by selecting the desired role or role extension in Group Dashboard > Settings > Roles and permissions.
