Understanding User Roles
Mod AI uses a two-level role system to control what users can see and do. Understanding your role helps you know which features are available to you and who to contact when you need different access.
Two Levels of Roles
Roles in Mod AI are split into two layers:
- Organization Roles -- Control access to organization-wide settings, billing, and user management across all entities.
- Entity (Company) Roles -- Control what you can do within a specific entity, such as processing invoices, approving, or managing settings.
You have one organization role and one entity role per entity you belong to. For example, you might be an organization-level User but have the Manager role in one entity and the Clerk role in another.
Organization Roles
Organization roles determine your access to organization-level settings and administration.
| Role | Description |
|---|---|
| Primary Admin | The organization owner. Has full access to all organization settings, billing, and user management. There is exactly one Primary Admin per organization. |
| Admin | Can manage organization settings, invite and remove users, and configure entities. Cannot transfer ownership. |
| User | Basic organization-level access. Can log in and access the entities they are assigned to. Cannot manage organization-level settings. |
The Primary Admin role represents ownership of the Mod AI organization. This role can be transferred to another user, but only by the current Primary Admin. If your organization's Primary Admin has left and you need ownership transferred, contact support@usemod.ai.
Entity (Company) Roles
Entity roles control what you can do within a specific company or entity. These are the roles that affect your day-to-day work in Mod AI.
Admin
Full access to all features and settings within the entity. Admins can manage users, configure integrations, set up approval policies, create rules, and process invoices. This is typically assigned to the AP manager or controller responsible for the entity.
Manager
Can manage users, rules, approval policies, and vendors. Managers can also approve invoices. This role is suited for AP team leads and supervisors who need to configure how the entity operates.
Approver
Can review and approve or reject invoices that are routed to them through approval workflows. Approvers have limited access to settings and cannot manage users or rules. This role is ideal for department heads or budget owners who only need to approve spend.
Clerk
Can upload, review, and edit invoices. Clerks cannot approve invoices or manage settings, rules, or users. This is the most common role for AP team members who handle day-to-day invoice processing.
Auditor
Read-only access to all data within the entity. Auditors can view invoices, purchase orders, receipts, vendors, and approval history, but cannot make any changes. This role is designed for internal or external auditors who need visibility without the ability to modify data.
Permission Table
The table below shows what each entity role can do:
| Permission | Admin | Manager | Approver | Clerk | Auditor |
|---|---|---|---|---|---|
| View invoices | Yes | Yes | Yes | Yes | Yes |
| Edit invoices | Yes | Yes | No | Yes | No |
| Upload invoices | Yes | Yes | No | Yes | No |
| Approve / reject invoices | Yes | Yes | Yes | No | No |
| Manage vendors | Yes | Yes | No | No | No |
| Manage rules | Yes | Yes | No | No | No |
| Manage approval policies | Yes | Yes | No | No | No |
| Manage users | Yes | Yes | No | No | No |
| Manage entity settings | Yes | No | No | No | No |
| View audit log | Yes | Yes | Yes | Yes | Yes |
If you are unsure what role you have, check with your entity admin. They can view and update roles from the Entity Users settings.
How Roles Are Assigned
Roles are assigned by entity admins (or organization admins) when they invite a user or update an existing user's access.
- When you are invited, the admin selects both your organization role and your entity role for each entity you are added to.
- After you join, an admin can change your entity role at any time from the Entity Users settings.
- You cannot change your own role. If you need a different level of access, contact your entity admin.
Lock Icons in the Sidebar
When you see a lock icon next to a sidebar item, it means your current entity role does not have permission to access that feature. For example:
- Clerks will see locks on Settings, Rules, and Approval Policies.
- Approvers will see locks on Settings, Rules, Users, and Vendors.
- Auditors will see no locks (everything is visible), but all editing actions will be disabled.
The lock icon is there to help you understand your access level at a glance. If you need access to a locked section, reach out to your entity admin.
Next Steps
- Ready to explore the platform? See Navigating the Dashboard.
- Need to manage user roles? Go to Entity Users settings.
- New to Mod AI? Start from the Welcome page.