When you invite someone to your team, you assign them a role that determines what they can see and do in your Mercury organization. Roles help you control access to money movement, accounts, cards, and sensitive settings while giving teammates the tools they need to do their job.
This article explains the differences between Employee, Admin, and Custom roles, what permissions each role includes, and where to find the most up-to-date roles and permissions in our demo environment.
Role types at a glance
When you invite a team member, you assign them a role. Each role comes with its own set of permissions. Some roles are fixed; others can be created and edited to match your team's needs.
| Role | Access Level | Customizable |
| Employee | Assigned cards and reimbursements only. No visibility into bank accounts, balances, or account numbers | No |
| Admin | Has full access to the account, settings, users, and controls | No |
| Accountant | Can view all accounts, transactions, and manage books | Yes — permissions can be adjusted |
| Custom roles | Defined by the permissions and account access you configure | Yes — fully configurable |
Employee role capabilities
The Employee role is designed for teammates who need to spend company funds or submit expenses without visibility into sensitive banking information.
Employees can:
- Be issued debit and/or credit cards
- View and manage their own cards
- View their own transactions
- Submit reimbursements (based on your expense settings)
Employees cannot:
- View account balances or account numbers
- See company-wide transactions
- View other team members’ activity
- Move money between accounts
- Send payments or manage recipients
- Access accounting, user management, or security settings
This role is best for team members who need limited, task-specific access without exposure to financial controls.
Admin capabilities
Admins have the highest level of access in Mercury. They’re considered super users because they can manage the account’s structure, security, and financial controls end to end. Admins have all of the capabilities below by default, without additional configuration.
Note: Any permission with an asterisk (*) is available to admins only and aren’t configurable via Custom role
Account and security management
- Update core account settings*
- Create and manage checking and savings accounts
- Link external bank accounts
- Receive and manage security alerts
- Create API tokens*
- Approve 2FA reset requests*
- Request changes to payment limits*
Team and role management
- Invite and remove team members
- Manage roles and permissions for all users (including other Admins on the account*)
- Assign and revoke Custom roles
Money movement and approvals
- Send money and pay bills
- Approve payments (when approval rules are enabled)
- Initiate internal transfers
- Create auto transfer rules*
- Manage payment recipients
- Create invoices and request payments
- Deposit checks
Policies and controls
- Manage ACH authorizations
- Configure approval policies for payments and account changes*
Note: Depending on your org’s approval rules, some payments and actions may require approval. Approval rules help add oversight by defining approvers, thresholds, and controls like dual admin approval. Learn more about approvals here.
Custom roles
Custom roles let you define reusable permission sets that reflect real responsibilities in your organization. Any changes you make to a custom role automatically apply to everyone assigned to it.
Custom roles are created by selecting which permissions to grant and choosing which accounts the role can access.
You can start from scratch or use templates as a starting point. Templates feature common permission sets but can be edited as needed:
- Finance Lead: Broad non-admin access across payments, cards, users, accounting, expenses, and documents
- Read-only: View-only access to accounts and transactions, with optional card issuance
- Money mover: Ability to initiate payments and transfers and manage recipients
For step-by-step instructions, see Setting up custom roles.
Configurable permissions
When building a Custom role, you’ll select which permissions make up the Custom role and determine what actions users in that role can do.
1 - Select which money movement actions the role can perform:
- Send money (subject to approval policies if enabled)
- Add, edit, and remove payment recipients
- Initiate internal transfers
- Create invoices and payment links
- Deposit checks
2 - Select which operational actions the role can take:
- Managing ACH authorizations
- Managing users (anyone except admins)
- Issuing, blocking, and removing cards
- Managing accounting tasks such as categorizing transactions and managing accounting integrations and 1099 filings
3 - Select how the role interacts with expenses:
- Submission only
- View only
- Submit and approve expenses
- Manage expense policies
4 - Specify which accounts the role has access to. At least one account must be selected.
Permissions only apply to the accounts a user has access to. For example, a user may have permission to send money, but if they don’t have access to a specific account, they won’t be able to send funds from that account or view its details.
Explore roles and permissions in Mercury Demo
If you want to see how roles and permissions work in practice, you can view them directly in our demo environment: https://demo.mercury.com/settings/users. Mercury demo lets you view available permissions, experiment with role configurations, and explore the Mercury product.
Mercury is a fintech company, not an FDIC-insured bank. Banking services are provided by Choice Financial Group and Column N.A., Members FDIC.