To provide companies with maximum flexibility while adhering to strong security standards, Payhawk manages user actions through a structured 3‑tier access architecture. This framework ensures that every action is properly authenticated, sequentially governed, and contextually restricted.
The Payhawk access model
The Payhawk access model operates across the following layers:
Roles and permissions (identity and authorization) - Define the user’s identity in the system and their baseline privileges (who is permitted to interact with the platform).
Workflows (process governance) - Govern the procedural sequence of actions (when a user is authorized to act).
Visibility (data‑level access) - Determine which data a user can access or modify during their workflow steps (where a user can view or apply data).
The following sections explain how these 3 tiers interact to maintain full control and security over spend management processes.
The foundational access control tier
Roles and permissions form the foundational layer of Payhawk’s access model, establishing the basic rights for users to interact with specific modules and objects in the platform.
Standardized minimum permissions - Every Payhawk role includes a predefined set of essential permissions equivalent to the Payhawk Employee baseline capabilities.
Granular customization with custom roles - Payhawk Administrators can expand role access through role extensions and custom roles, adjusting and layering permissions as needed and up to full Payhawk Administrator privileges.
Distinct action scopes - Roles define what a user may interact with, while workflows define when and how those actions occur. Actions such as approving, reviewing, or paying are controlled exclusively through workflows rather than role permissions.
Process governance and execution tier
Workflows dictate how actions progress through defined stages of an object’s lifecycle, serving as the operational backbone for authorization steps, such as submission, approval, review, payment initiation, and payment confirmation.
The workflow execution rules provide for the following scenarios:
Explicit participation - Only users or roles explicitly assigned to a workflow step can execute or reverse actions at that stage.
Role‑based restrictions - Standard employee roles cannot participate in all steps of the workflow.
Administrative default access - Payhawk Administrators and accountants have universal authority across all workflows, allowing them to take action even if they are not specifically assigned to a given process.
Data‑level scope regulation tier
Visibility is the final layer, restricting or expanding user access to data elements during workflow execution.
Granular targeting - Visibility settings apply to object‑level elements such as custom fields, dropdown options, or expense categories.
Scope management - They act as dynamic filters, adjusting a user’s accessible data based on organizational rules and hierarchy.
For example, a Team Manager with permission to view team expenses may only see specific departmental cost centers when approving invoices, while higher‑level custom fields remain hidden.
For more information on visibility settings, see: