Overview
UniAsset uses role-based access control (RBAC) to determine what each user can see and do. Every user is assigned exactly one role — either one of the five built-in system roles or a custom role created by an Owner.
The Roles & Permissions page is where you view the built-in role definitions and manage any custom roles for your organisation.
Who Can Access This
Only the Owner can access the Roles & Permissions settings page and create or modify custom roles.
How to Access This Section
- Log in to your UniAsset account
- Click Settings in the left sidebar
- Select Roles & Permissions
The Five Built-in Roles
Built-in roles are fixed — they cannot be edited or deleted. Every UniAsset organisation has these five roles available.
Owner
The highest-privilege role. There is exactly one Owner per organisation.
- Full access to all assets, categories, departments, locations, and settings
- Can invite, edit, and remove users (including changing their roles)
- Can manage billing and subscription settings
- Can delete the organisation
- Can create and manage API keys, webhooks, and integrations
- Can create custom roles
Admin
Organisation-wide management access, excluding billing and a few Owner-exclusive actions.
| Can do | Cannot do |
|---|---|
| Create, read, update, delete assets | Access billing or subscription settings |
| Manage categories, departments, locations | Delete the organisation |
| Create and complete maintenance records | Manage API keys or webhooks |
| View reports | Create or modify custom roles |
| Read user list | Invite, edit, or delete users |
Manager
Operational management without destructive or administrative capabilities.
| Can do | Cannot do |
|---|---|
| Create, read, update assets | Delete assets |
| Assign assets to users or departments | Manage categories, departments, locations |
| Create and complete maintenance records | View or manage user accounts |
| View reports | Access billing, API keys, or settings |
Employee
Day-to-day asset interaction — reading and updating, no deletions or management.
| Can do | Cannot do |
|---|---|
| Read asset details | Create new assets |
| Update asset records | Delete assets |
| Read and update maintenance records | Create maintenance records |
| Complete assigned maintenance | Manage any settings |
| Mark maintenance as complete | View reports |
Viewer
Read-only access across the platform.
| Can do | Cannot do |
|---|---|
| View assets | Create, update, or delete anything |
| View categories and departments | Access settings |
| View organisation information | View reports |
Viewers are never shown upgrade prompts or limit warnings.
Permission Reference
The table below summarises permissions across all five built-in roles:
| Permission | Owner | Admin | Manager | Employee | Viewer |
|---|---|---|---|---|---|
| asset:create | ✓ | ✓ | ✓ | — | — |
| asset:read | ✓ | ✓ | ✓ | ✓ | ✓ |
| asset:update | ✓ | ✓ | ✓ | ✓ | — |
| asset:delete | ✓ | ✓ | — | — | — |
| asset:assign | ✓ | ✓ | ✓ | — | — |
| category:create/update/delete | ✓ | ✓ | — | — | — |
| category:read | ✓ | ✓ | ✓ | ✓ | ✓ |
| maintenance:create | ✓ | ✓ | ✓ | — | — |
| maintenance:read | ✓ | ✓ | ✓ | ✓ | — |
| maintenance:update | ✓ | ✓ | ✓ | ✓ | — |
| maintenance:complete | ✓ | ✓ | ✓ | ✓ | — |
| maintenance:delete | ✓ | ✓ | — | — | — |
| report:view | ✓ | ✓ | ✓ | — | — |
| user:create/update/delete | ✓ | — | — | — | — |
| user:read | ✓ | ✓ | — | — | — |
| department:read | ✓ | ✓ | — | — | ✓ |
| tenant:read | ✓ | ✓ | ✓ | ✓ | ✓ |
| tenant:update | ✓ | — | — | — | — |
Custom Roles
In addition to the five built-in roles, Owners can create custom roles with granular control over asset scope and specific capabilities. Custom roles are useful when you need to give a user access to only part of your asset inventory — for example, a technician who should only see assets assigned to their department.
What a custom role defines
| Setting | Options |
|---|---|
| Role name | Any label for internal reference |
| Asset scope | SELF, DEPARTMENT, LOCATION, or ALL |
| Can view assets | Yes / No |
| Can edit assets | Yes / No |
| Can delete assets | Yes / No |
| Can manage users | Yes / No |
| Can view dashboard | Yes / No |
| Can view reports | Yes / No |
Asset scope
The asset scope determines which assets a user with this custom role can see and act on:
| Scope | What the user can access |
|---|---|
| SELF | Only assets assigned directly to them |
| DEPARTMENT | Assets assigned to their department |
| LOCATION | Assets at their assigned location |
| ALL | All assets in the organisation |
How to create a custom role
- Navigate to Settings > Roles & Permissions
- Click Create Custom Role
- Enter a Role Name
- Select the Asset Scope
- Toggle the individual permissions (view, edit, delete assets; manage users; view dashboard; view reports)
- Click Save
The custom role is immediately available to assign to users from the User Management page.
How to edit a custom role
- Navigate to Settings > Roles & Permissions
- Find the custom role and click Edit
- Update the name, scope, or permission toggles
- Save the changes
Changes apply to all users currently assigned that role.
How to delete a custom role
Custom roles that are assigned to one or more users cannot be deleted until those users are reassigned to a different role. Once no users hold the role, open its actions menu and select Delete.
Assigning Roles to Users
Roles are assigned from the User Management page, not from Roles & Permissions. See the User Management article for instructions on inviting users and changing their roles.
Important Notes & Limitations
Built-in roles cannot be modified
- The five system roles (Owner, Admin, Manager, Employee, Viewer) are fixed. Their permission sets cannot be changed.
There is exactly one Owner per organisation
- Ownership can be transferred to another user, but only one user can hold the Owner role at any time.
Custom roles are limited to asset-level scoping
- Custom roles control asset access and a small set of capabilities. They do not provide granular control over settings pages, billing, or integrations — those remain tied to the built-in role hierarchy.
Custom role changes affect all users with that role immediately
- Editing a custom role updates permissions for every user assigned to it in real time.
Only the Owner can manage custom roles
- Admins cannot create, edit, or delete custom roles.
Frequently Asked Questions
Can an Admin invite and manage users?
No. Only the Owner can invite, edit, or remove users and change their roles. Admins can read the user list but cannot modify it.
What is the difference between Manager and Admin?
Admins have broader access: they can manage categories, departments, locations, and read the user list. Managers are limited to operational tasks — creating and completing maintenance, assigning assets — but cannot touch settings or user data. Neither role can access billing.
Can I create a role that only sees assets at a specific location?
Yes. Create a custom role and set the Asset Scope to LOCATION. Users with this role will only see and interact with assets at their assigned location.
Can I have multiple Owners?
No. UniAsset supports exactly one Owner per organisation. If you need Owner-level access for multiple people, consider whether the Admin role covers the required capabilities.
What happens to users assigned a custom role if that role is deleted?
You cannot delete a custom role while users are assigned to it. Reassign all users to another role first, then delete the custom role.
Can Employees create assets?
No. Employees can read and update existing assets and complete maintenance records, but they cannot create new assets. Use the Manager or Admin role for users who need to create assets.
Need Help?
If you have questions not covered in this article, our support team is here to help.
Contact Support