How Access Works
Access is role-based: a role is a set of permissions (what's visible in the menu and what actions are allowed).
Typical roles: account administrator, financial director, treasurer, procurement officer, financial controller, cost center manager, observer.
Who Can Do What
Create requests and documents—employees in the relevant section (treasurer, procurement officer).
Approve (accept/reject)—those with approval rights (usually managers and financial control).
Configure the system (roles, routes, integrations)—account administrator.
It's better to deactivate a fired employee than delete them—this preserves the history of their actions in documents.