Asset Permissions & Role Setup
AccuArk's Asset Management module uses role-based access control (RBAC) to determine who can view, create, edit, and manage assets. Each feature within the module checks for a specific ASSET_* permission. Users without the required permission cannot access the feature. This guide provides a complete reference for all asset permissions, their effects, and recommended role configurations.
How Permissions Work
Every asset management feature checks for a specific permission before allowing access. When a user tries to open a form, click a button, or perform an action, the system verifies that their role includes the required permission. If the permission is missing, the user either sees an "Access Denied" message or the relevant menu item, button, or form element is hidden entirely.
Permissions are assigned to roles, and roles are assigned to users. A user inherits all permissions from their assigned role. To grant a new permission, you add it to the user's role. To revoke a permission, you remove it from the role.
Complete Permission Reference
The following table lists every permission in the Asset Management module and describes what it controls:
| Permission | Controls |
|---|---|
| View Assets | View the asset register, asset dashboard, and individual asset detail records. This is the base permission required to access any asset information. |
| Create Assets | Create new assets, either through the manual entry form or the acquisition wizard. Without this permission, the New Asset button and wizard are not available. |
| Edit Assets | Edit existing asset records, including changing names, categories, locations, depreciation settings, and other fields. Without this permission, asset forms open in read-only mode. |
| Delete Assets | Delete or deactivate asset records. This permission is required to remove an asset from the active register. Assets with existing transactions cannot be hard-deleted; use Dispose instead. |
| Transfer Assets | Perform asset transfers between locations. Without this permission, the Transfer button is hidden on the asset detail form. |
| Check Out Assets | Check out assets to employees and process returns. Without this permission, the Checkout and Return buttons are hidden. |
| Dispose Assets | Record asset disposals (sale, scrap, donation, trade-in, write-off). Without this permission, the Dispose button is hidden on the asset detail form. |
| Asset Maintenance | Log maintenance events and manage maintenance schedules. Without this permission, the Maintenance tab and related buttons are hidden. |
| Asset Depreciation | Run depreciation calculations, preview depreciation results, and reverse depreciation entries. Without this permission, the Depreciation menu items are hidden. |
| Approve Assets | Approve or reject pending asset actions that require approval (such as high-value transfers). Without this permission, the Approval Queue is not accessible. |
| Asset Admin | Manage asset categories, configure asset settings, perform bulk CSV imports, and initiate physical audits. This is an administrative permission for system configuration tasks. |
| Asset Reports | Access all asset reports under the Reports > Assets submenu. Without this permission, the Assets submenu is hidden from the Reports menu. |
Role Hierarchy Defaults
AccuArk ships with a set of default role-permission assignments for asset management:
| Permission | Super Admin | Location Admin | Manager | Employee | Accountant |
|---|---|---|---|---|---|
| View Assets | Yes | Yes | No | No | No |
| Create Assets | Yes | Yes | No | No | No |
| Edit Assets | Yes | Yes | No | No | No |
| Delete Assets | Yes | Yes | No | No | No |
| Transfer Assets | Yes | Yes | No | No | No |
| Check Out Assets | Yes | Yes | No | No | No |
| Dispose Assets | Yes | Yes | No | No | No |
| Asset Maintenance | Yes | Yes | No | No | No |
| Asset Depreciation | Yes | Yes | No | No | No |
| Approve Assets | Yes | Yes | No | No | No |
| Asset Admin | Yes | Yes | No | No | No |
| Asset Reports | Yes | Yes | No | No | No |
Super Admin and Location Admin have all ASSET_* permissions by default, giving them full access to every asset management feature.
Manager, Employee, and Accountant roles have no asset permissions by default. This means asset management is not visible to these roles until permissions are explicitly granted by an administrator. This is by design: asset management is a specialized function and access should be granted intentionally based on job responsibilities.
Recommended Role Configurations
The following configurations are recommendations for common job functions. Adjust them to match your organization's needs.
Asset Manager
An Asset Manager is responsible for the day-to-day management of assets, including creating, editing, transferring, disposing, and maintaining assets. They need broad access but do not necessarily need administrative or approval capabilities.
Recommended permissions: View Assets, Create Assets, Edit Assets, Transfer Assets, Check Out Assets, Dispose Assets, Asset Maintenance, Asset Depreciation, Asset Reports
This configuration gives the Asset Manager full operational access to assets while reserving Approve Assets, Asset Admin, and Delete Assets for higher-level administrators.
Maintenance Technician
A Maintenance Technician needs to view assets and log maintenance events but does not need to create, transfer, dispose, or otherwise modify asset records.
Recommended permissions: View Assets, Asset Maintenance
This minimal configuration allows technicians to see asset details and record their work without exposing financial or administrative functions.
Accountant
An Accountant needs to view asset data, run depreciation calculations, and generate reports for financial statements and audits. They do not typically need to create or modify asset records.
Recommended permissions: View Assets, Asset Depreciation, Asset Reports
This configuration provides the financial visibility accountants need while keeping operational functions (transfers, disposals, maintenance) restricted to the appropriate roles.
General Employee
A General Employee may need to see which assets are assigned to them but does not need to modify any asset records.
Recommended permissions: View Assets
This read-only configuration allows employees to view the asset register and their assigned assets without being able to change anything.
Asset Administrator
An Asset Administrator has full control over the asset management module, including system configuration, bulk imports, and approval workflows.
Recommended permissions: All ASSET_* permissions (View Assets, Create Assets, Edit Assets, Delete Assets, Transfer Assets, Check Out Assets, Dispose Assets, Asset Maintenance, Asset Depreciation, Approve Assets, Asset Admin, Asset Reports)
This is equivalent to the default Super Admin configuration and should be reserved for users who are responsible for the overall asset management system.
How to Grant Permissions
To add or remove asset permissions for a role:
- Navigate to Settings > Roles & Permissions in the main menu.
- Select the role you want to modify from the roles list.
- Scroll down to the Assets section in the permissions panel.
- Check the box next to each permission you want to grant, or uncheck it to revoke.
- Click Save to apply the changes.
Changes take effect the next time a user with that role logs in or opens a new form. Users who are already logged in may need to close and reopen asset forms to see the updated permissions.
Best Practices
- Follow the principle of least privilege. Grant only the permissions each role needs to perform its job function. This reduces the risk of accidental or unauthorized changes.
- Create custom roles for specialized functions. Instead of granting a broad set of permissions to an existing role like Manager, create a dedicated "Asset Manager" or "Maintenance Tech" role with only the required permissions.
- Review permissions quarterly. As job responsibilities change, permissions may become outdated. Schedule a quarterly review to ensure each role still has the appropriate level of access.
- Document your permission decisions. Keep a record of why each role has the permissions it does. This makes it easier to onboard new administrators and respond to audit questions.
- Test after changes. After modifying permissions, log in as a user with the affected role to verify that the changes have the intended effect.
What to Read Next
- Asset Reports Overview — Understanding report access requirements
- Troubleshooting & FAQ — Solutions to common access and permission issues