Are you receiving SNAP/EBT benefits? The campaign is live and accepting new members. Learn more about receiving $50 for submitting a SNAP receipt and $50 for getting your COVID-19 vaccine here and join today!

Deep Dive: Policy users and roles

Sheena Trepanier
Sheena Trepanier Approved! Accountant Posts: 1,354 Expensify Team
edited October 2021 in Deep Dive Docs

If you are using a  group policy, this article will help you learn the different roles each can have within your policy. If you're an individual user, this article will not apply to you.

Each of the policy users can be assigned to roles based on what access level they need to have. The bulk of users will only be Employee users in the People section in your group policy.

Policy Members

Group policy users are found and managed in Settings > Policies > Group [Policy Name] > People > Policy Members. To manage their roles click Settings and then select their role on the following screen.

You can assign auditors and admins here:

Now, let's take a deeper look at each of the roles found at the policy level. 


This role has no ability to change policy settings nor invite new users to the policy. Members in this role will only see their own reports and any reports submitted to or shared with them.

  • Employees should be in this role only, in an ideal setup.
  • Approvers can be in this role or they can also be Admins or Auditors depending on the level of control they should be allowed.

Policy Auditor

In addition to everything the Employee role can do, a Policy Auditor can view, comment on, and manually export (to CSV) all reports on the policy. 

If they're the Final Approver on a report, they can also  mark reports as reimbursed via Bulk Actions.

Who would be most suitable for this role?

  • Accountants that do not need to manually initiate ACH reimbursement, edit policy settings, or Take Control of reports to bypass the defined Approval Workflow
  • Bookkeepers
  • Internal or External Auditor Agents 
  • Anyone else who may need view-only permissions but should not be making policy settings changes

What can a Policy Auditor do?

  • Has visibility of all reports connected to the policy and will be able to make comments on them
  • Can export to an export template
  • Cannot edit policy settings  
  • Can be designated as an approver
  • Can Mark as reimbursed reports they personally Final Approved via bulk actions
  • Create and submit their own reports
  • Cannot Unapprove a report

Are auditors billable users?

  • Yes, Auditors are still billable users and will still incur a billing charge if they take any report activity (creating, submitting, approving, rejecting, retracting, or exporting a report) during any given month. 
  • Viewing a report, however, is not billable activity.

Policy Admins

This role has total control over the group policy settings. 

What can a Policy Admin do?

  • Can change categories, tags, connections, etc., as well as invite people to the policy.  (If Domain Control is enabled, only a Domain Admin will be able invite users on the Domain.
  • View all reports of all employees on the policy whether they are open, processing, approved, or reimbursed. 
  • Can also reimburse reports if they have access to the company ACH withdrawal account.
  • Can Submit open reports and Take Control of submitted reports on the policy.

Other notes about this role:

  • Approvers can be Admin or Employee users depending on the level of control they should be assigned.
  • Billing Owners are Admins by default.
  • Authorized Admins are any user that is assigned by the owner or another admin to be a policy admin.

Are Admins billable users?

  • Yes, Admins are billable users and will still incur a billing charge if they take any report activity (creating, submitting, approving, rejecting, retracting, or exporting a report) during any given month. 
  • Viewing or commenting on a report, however, is not billable activity.
Now that you have a better understanding of group policy users and their roles, let us know in the comments if you have any follow up questions or would like a dive into something related. 

Technical Contact

The policy technical contact is set by heading to Settings > Policies > Group 
[Policy Name] > Connections > Technical ContactIn the event of any connection issues, Expensify will alert the policy billing owner by email. If you'd prefer to alert an IT administrator instead, you can enter their information as a technical contact instead. 

Please note, the technical contact does not need to be a member of your policy to receive connection related emails.