Manage entity users
Entity-level user management controls who can access a specific company and what they can do. This is where the granular roles get assigned.
Only entity Administrators can manage entity users.
Add a user
A user has to be in the organization before you can add them to an entity. See Managing Users (Organization) if they have not been invited.
The current Settings nav under Company has General, People, Groups, Roles & permissions, and Approval policies — but no dedicated Members / Users page at the company tier. Organization-level user management lives at Settings → Organization → Members (see Managing organization users). Per-entity role assignments are configured by your Mod AI implementation manager when they invite a user — pass them the user's email plus the entity role you want (Administrator, Controller, AP Specialist, Approver, or Auditor), and they handle the assignment. Once they confirm, the user has access immediately at the assigned role. A self-serve per-entity Users page is on the roadmap.
Role descriptions
| Role | What it covers |
|---|---|
| Administrator | Full access. Manages users, configures settings, creates policies, and customizes the Agent. |
| Controller | Finance leadership. Approves at any tier, holds, cancels, exports, and oversees AP operations. Manages approval policies and customizes the Agent. Cannot manage users or modify entity settings. |
| Approver | Reviews and approves or rejects routed documents. Can view and edit invoices. Cannot manage settings or policies. If their only role is Approver, they see restricted approver mode. |
| AP Specialist | Uploads, reviews, edits, approves, rejects, and routes invoices. Customizes the Agent. Cannot manage approval policies, users, or entity settings. |
| Auditor | Read-only access to everything in the entity. |
Assign the minimum role someone needs. Most day-to-day AP users are AP Specialists or Approvers. Reserve Administrator and Controller for team leads and finance owners.
For granular control beyond these five roles, see Roles and Permissions.
Change a user's role
There is no self-serve per-entity Users page in the customer-facing Settings UI, so changing a user's entity role is done through your Mod AI implementation manager. Email support@usemod.ai with the user's email, the entity, and the new role you want them to have (Administrator, Controller, AP Specialist, Approver, or Auditor). The change applies immediately on their next page load.
Remove a user from this entity
There is no self-serve per-entity Remove action in the customer-facing Settings UI either. Email support@usemod.ai with the user's email and the entity to remove them from. Removing a user from this entity does not remove them from the organization. They keep access to any other entities they belong to.