User roles
User roles
Role-based permissions control what users can see and do in Eloope, ensuring appropriate access for each team member.
How roles work
Roles define what a user can do in Eloope by granting specific permissions that allow or restrict access to features and data. When you're assigned a role, you automatically receive all the permissions associated with that role, which determines what screens you can access, what actions you can perform, and whose data you can view. This role-based access control system ensures that users only see information relevant to their job function and can only perform actions appropriate for their level of responsibility.
The system is built on three key concepts that work together to control access. A user is an individual person with login credentials for your Eloope account. A role represents a job function within your organization, such as Employee, Manager, Finance, Auditor, or Administrator. A permission is a specific action that a role allows, such as creating expenses, approving reports, or managing users.
Multiple roles. Users can have multiple roles simultaneously, which is common in smaller organizations where people wear multiple hats. If you have multiple roles assigned, you receive all permissions from all your roles combined. For example, if you're assigned both the Employee and Manager roles, you can submit your own expenses like any employee and also approve reports for your team members. The system automatically grants you the most permissive access level across all your roles.
The five core roles
Eloope provides five core roles that cover all the access needs for typical organizations.
Employee
Who gets this role: All staff members who need to submit expenses receive the Employee role. This includes full-time employees, contractors, interns, consultants, and anyone else who incurs business expenses on behalf of your organization.
What employees can do. Employees can create, view, edit, and delete their own expenses before submitting them. They can upload receipts and use OCR scanning to automatically extract receipt information. They have the ability to create expense reports by grouping multiple expenses together and submit those reports for manager approval. Employees can request cash advances for upcoming business trips and create trip records to organize travel-related expenses. They also have access to a personal spending dashboard that shows their expense history, pending reports, and reimbursement status.
Cannot. Employees cannot view other people's expenses or reports, ensuring privacy across the organization. They cannot approve anything—all their submissions require manager review. They have no access to admin settings, organization-wide configurations, or system management features. They also cannot see organization-wide analytics or reporting, only their own personal expense data.
Manager/Approver
Who gets this role: Department managers, team leads, project managers, and anyone with direct reports or approval responsibilities receives the Manager role. This role is typically assigned based on your organization's reporting hierarchy.
What managers can do. Managers retain all employee permissions—they can still submit and manage their own expenses just like any other employee. Additionally, they can view all expenses and reports submitted by their team members, providing visibility into team spending. They have the authority to approve or reject expense reports from their direct reports, and they can approve cash advance and trip requests as well. When managers need to be away from the office, they can set up delegation to route approvals to another manager temporarily. Managers also have access to team spending dashboards and analytics showing spending trends, category breakdowns, and budget tracking for their department.
Cannot. Managers cannot view expenses or reports from employees outside their team, maintaining appropriate data boundaries. They cannot process reimbursement payments—that's a finance team function. They don't have access to modify organization-wide settings, user management, or system configurations. Managers also cannot create or edit expense policies, though they're responsible for enforcing them.
Finance Team
Who gets this role: Finance team members, accounting staff, accounts payable specialists, and comptrollers receive the Finance Team role. This role provides the access needed to process payments and manage financial operations.
What finance can do. Finance team members can view all expenses, reports, and cash advances across the entire organization, regardless of department or submitter. They're responsible for processing reimbursements by marking approved reports as paid and recording payment details. They manage the complete cash advance lifecycle, including approving advance requests, disbursing funds, and ensuring advances are properly settled against actual expenses. Finance can configure currencies and exchange rates for international expenses, and set mileage reimbursement rates. They have access to organization-wide analytics and reporting tools to track spending trends, generate financial reports, and export data for accounting systems. In exceptional cases, finance team members have final approval authority with the ability to override previous decisions.
Cannot. Finance team members cannot manage users—they can't invite new users, deactivate accounts, or change role assignments. They cannot modify organization-wide settings that aren't related to financial operations. They're not authorized to create or edit expense policies, which is an administrator function. For data integrity reasons, finance cannot delete expenses or reports that have already been approved.
Auditor
Who gets this role: Internal auditors, compliance officers, risk management team members, and external audit contacts receive the Auditor role. This role is designed specifically for oversight and compliance purposes.
What auditors can do. Auditors have read-only access to all expenses, reports, and cash advances across the entire organization, allowing them to review any financial transaction. They can view complete audit logs showing every action taken in the system, including who performed each action and when. Auditors can generate comprehensive compliance reports and export all data for analysis or external audit purposes. They have visibility into policy violations, approval history, and the complete lifecycle of every expense from creation to payment.
Cannot. Auditors cannot create, edit, or delete anything in the system—their access is strictly read-only for oversight purposes. They cannot approve or reject reports, process payments, or perform any operational functions. They have no access to modify settings or configurations. The read-only nature of this role ensures audit independence.
Important note: If auditors need to submit their own expenses, they must also be assigned the Employee role. The Auditor role by itself provides no ability to create expenses.
Administrator
Who gets this role: IT administrators, system administrators, HR leads, and executive assistants who need to manage the Eloope system receive the Administrator role. This role should be assigned sparingly to only those who truly need full system access.
What administrators can do. Administrators have complete access to all features and data across the entire Eloope platform. They can invite new users and manage existing users, including assigning roles, deactivating accounts, and managing user profiles. Administrators configure organization-wide settings such as company name, branding, email templates, and notification preferences. They create expense policies and approval workflows, defining the rules that govern how expenses are processed. Administrators set up automation rules and integrations with accounting systems, HR platforms, or other business tools. They manage the organizational structure including departments, cost centers, and reporting hierarchies. Administrators have access to system logs, audit trails, and can configure backup and security settings.
Permission system
Eloope implements a granular permission system with 58 individual permissions organized into logical categories to provide precise access control.
Permission categories. Expense permissions control who can create, view, edit, delete, and approve individual expenses. Report permissions govern the ability to create, submit, view, approve, and reject expense reports. Finance permissions include processing reimbursements, managing cash advances, and configuring financial settings. User management permissions control inviting users, deactivating accounts, and changing role assignments. Settings permissions allow configuration of policies, expense categories, currencies, and system settings. Analytics permissions determine who can view reports and export data. Audit permissions control access to logs and violation reports.
Permission hierarchy. Permissions follow a scope hierarchy that defines how broadly access extends: own < team < all. For example, expense.view.own allows you to see only your own expenses, expense.view.team allows you to see your expenses plus your team members' expenses, and expense.view.all allows you to see everyone's expenses across the entire organization. This hierarchical structure ensures users have exactly the access they need without overly broad permissions.
Role comparison
This table provides a quick reference comparing what each role can do across key capabilities:
| Capability | Employee | Manager | Finance | Auditor | Admin |
|---|---|---|---|---|---|
| Submit own expenses | ✅ | ✅ | ✅ | ❌ | ✅ |
| View team expenses | ❌ | ✅ | ✅ | ✅ | ✅ |
| View all expenses | ❌ | ❌ | ✅ | ✅ | ✅ |
| Approve team reports | ❌ | ✅ | ✅ | ❌ | ✅ |
| Process reimbursements | ❌ | ❌ | ✅ | ❌ | ✅ |
| Manage users | ❌ | ❌ | ❌ | ❌ | ✅ |
| Configure policies | ❌ | ❌ | ❌ | ❌ | ✅ |
Requesting role changes
If you need additional roles or permissions to perform your job responsibilities, you'll need to contact your organization's Eloope administrator.
Start by sending an email to your HR department or IT team explaining which role you need and why. Provide clear justification for the role by describing which tasks you need to perform that your current role doesn't allow. If you only need temporary access—for example, to cover for a colleague who's on vacation—specify the exact dates when you'll need the additional permissions. Once you submit your request, wait for approval confirmation from your administrator, who will evaluate whether the role assignment is appropriate and then activate it for your account.
Checking your roles
You can view your current roles and detailed permissions at any time through your account settings.
To check your roles, click the profile icon in the top-right corner of any Eloope page. Select "Profile" or "Account Settings" from the dropdown menu. Scroll down to the "Roles & Permissions" section, which lists all roles currently assigned to your account. If you want to see the specific permissions granted by your roles, click "View All Permissions" to expand a detailed list of every action you're authorized to perform.
Related articles
- What is Eloope?
- Quick Start for Managers
- Admin Guide: Managing Users
- Security & Data Privacy
Up next
Learn Your dashboardin Eloope.