Roles and permissions are carefully designed to give you the most efficient workflow, and help to make sure that payments only go out when you want them to. Here’s an overview of what each role means in Apron.
Owner role
The Owner has complete control over the account:
Full access to all features and settings.
Can transfer ownership to another member.
Can add, edit, and remove all other members.
Has all Admin, Bookkeeper, and Employee permissions.
There can be only one Owner per account.
Admin role
Admins have comprehensive access to manage the account:
Payment permissions – Create, approve, and process all payments.
Member management – Add, edit, and remove team members.
Settings access – Modify company settings and integrations.
Billing control – Manage subscriptions and payment methods.
Workflow setup – Create and modify approval workflows.
Full visibility – Access to all transactions and data (access to payroll can be limited).
Bookkeeper role
Bookkeepers focus on document processing and financial records:
Document access – Upload, review, and publish all documents.
Transaction management – Handle receipts and expense submissions.
Draft payments – Create payments for others to approve
Accounting integration – Publish to Xero or QuickBooks.
Cannot process payments – Can draft but not authorise payments.
Employee role
Employees have limited access focused on their expenses:
Apron Card usage – Use company cards for business expenses.
Receipt uploads – Submit receipts and expense documents.
Reimbursement requests – Request payment for personal expenses.
Limited visibility – Only see their own transactions.
Cannot access – Company payments or other members' data.
Custom role
Need a combination of all of these? Create tailored permissions for specific needs:
Payment permissions – Choose specific payment capabilities.
Bookkeeping access – Select document and transaction rights.
Admin functions – Pick which settings they can access.
Mixed permissions – Combine elements from different standard roles.
Choosing the right roles
We recommend that you keep it simple and adapt as you become familiar with how Apron works.
Start conservatively – Begin with minimal permissions.
Role-based approach – Align permissions with job responsibilities.
Regular reviews – Update permissions as roles change.
Security best practices
Limit Admin access to essential personnel only.
Use approval workflows for payment controls.
Regularly audit who has what access.
Remove access immediately when people leave.
Train team members on their specific permissions.
Changing roles
Any Admin can modify roles at any time. Find out how in this article: Edit user access.