Understanding roles and permissions

When you invite someone to your team, you assign them a role that determines what they can see and do in your Mercury organization. Roles help you control access to money movement, accounts, cards, and sensitive settings while giving teammates the tools they need to do their job.

This article explains the differences between Employee, Admin, and Custom roles, what permissions each role includes, and where to find the most up-to-date roles and permissions in our demo environment.

Role types at a glance

When you invite a team member, you assign them a role. Each role comes with its own set of permissions. Some roles are fixed; others can be created and edited to match your team's needs.

Role Access Level Customizable
Employee Assigned cards and reimbursements only. No visibility into bank accounts, balances, or account numbers No
Admin Has full access to the account, settings, users, and controls No
Accountant Can view all accounts, transactions, and manage books Yes — permissions can be adjusted
Custom roles Defined by the permissions and account access you configure Yes — fully configurable

Employee role capabilities 

The Employee role is designed for teammates who need to spend company funds or submit expenses without visibility into sensitive banking information.

Employees can:

  • Be issued debit and/or credit cards
  • View and manage their own cards
  • View their own transactions
  • Submit reimbursements (based on your expense settings)

Employees cannot:

  • View account balances or account numbers
  • See company-wide transactions
  • View other team members’ activity
  • Move money between accounts
  • Send payments or manage recipients
  • Access accounting, user management, or security settings


This role is best for team members who need limited, task-specific access without exposure to financial controls.


Admin capabilities

Admins have the highest level of access in Mercury. They’re considered super users because they can manage the account’s structure, security, and financial controls end to end. Admins have all of the capabilities below by default, without additional configuration.

Note: Any permission with an asterisk (*) is available to admins only and aren’t configurable via Custom role 

Account and security management

  • Update core account settings*
  • Create and manage checking and savings accounts
  • Link external bank accounts
  • Receive and manage security alerts
  • Create API tokens*
  • Approve 2FA reset requests*
  • Request changes to payment limits*

Team and role management

  • Invite and remove team members
  • Manage roles and permissions for all users (including other Admins on the account*)
  • Assign and revoke Custom roles

Money movement and approvals

  • Send money and pay bills
  • Approve payments (when approval rules are enabled)
  • Initiate internal transfers
  • Create auto transfer rules*
  • Manage payment recipients
  • Create invoices and request payments
  • Deposit checks

Policies and controls

  • Manage ACH authorizations
  • Configure approval policies for payments and account changes*


Note: Depending on your org’s approval rules, some payments and actions may require approval. Approval rules help add oversight by defining approvers, thresholds, and controls like dual admin approval. Learn more about approvals here.


Custom roles

Custom roles let you define reusable permission sets that reflect real responsibilities in your organization. Any changes you make to a custom role automatically apply to everyone assigned to it.

Custom roles are created by selecting which permissions to grant and choosing which accounts the role can access. 

You can start from scratch or use templates as a starting point. Templates feature common permission sets but can be edited as needed:

  • Finance Lead: Broad non-admin access across payments, cards, users, accounting, expenses, and documents
  • Read-only: View-only access to accounts and transactions, with optional card issuance
  • Money mover: Ability to initiate payments and transfers and manage recipients


For step-by-step instructions, see Setting up custom roles.

Configurable permissions

When building a Custom role, you’ll select which permissions make up the Custom role and determine what actions users in that role can do.

1 - Select which money movement actions the role can perform:
  • Send money (subject to approval policies if enabled)
  • Add, edit, and remove payment recipients
  • Initiate internal transfers
  • Create invoices and payment links
  • Deposit checks
2 - Select which operational actions the role can take: 
  • Managing ACH authorizations
  • Managing users (anyone except admins)
  • Issuing, blocking, and removing cards
  • Managing accounting tasks such as categorizing transactions and managing accounting integrations and 1099 filings 
3 - Select how the role interacts with expenses:
  • Submission only
  • View only
  • Submit and approve expenses
  • Manage expense policies
4 - Specify which accounts the role has access to. At least one account must be selected. 
  • Permissions only apply to the accounts a user has access to. For example, a user may have permission to send money, but if they don’t have access to a specific account, they won’t be able to send funds from that account or view its details.

Explore roles and permissions in Mercury Demo

If you want to see how roles and permissions work in practice, you can view them directly in our demo environment: https://demo.mercury.com/settings/users. Mercury demo lets you view available permissions, experiment with role configurations, and explore the Mercury product.


Mercury is a fintech company, not an FDIC-insured bank. Banking services are provided by Choice Financial Group and Column N.A., Members FDIC.

Did you find this article helpful?