UniAsset
Home/Knowledge Base/Users & Permissions/Changing User Roles and Permissions - Manage Access Control
Back to Users & Permissions

Changing User Roles and Permissions - Manage Access Control

5 min readbeginnerLast updated: January 2, 2026

Overview

Change user roles in UniAsset to adjust access levels as team responsibilities evolve. Promote users to higher privileges or demote them to more restricted access based on organizational needs.

Who Can Access This

Required role: Owner or Admin

Why restricted:

  • Prevents unauthorized privilege escalation
  • Maintains security controls
  • Ensures accountability for permission changes

Cannot do:

  • Change your own role (prevents accidental self-lockout)
  • Change the Owner's role (Owner is permanent until transfer)

How to Access

  1. Navigate to Settings → Users (main sidebar)
  2. Find the user in the active users list
  3. Locate the Role dropdown next to their name
  4. Select new role from dropdown
  5. Change takes effect immediately (no confirmation dialog)

The Four Roles

UniAsset has four hierarchical permission levels:

Owner

Full system access including billing

  • Manage subscription and payment methods
  • Delete the entire organization
  • Transfer ownership to another user
  • All Admin capabilities
  • Limitation: Only ONE Owner per organization

When to assign:

  • Organization founder or CEO
  • Billing contact
  • Long-term trusted stakeholder

Admin

Full operational access, no billing

  • Manage all assets, categories, locations, departments
  • Invite and remove users
  • Change user roles (except Owner)
  • Delete assets and maintenance records
  • Configure system settings

When to assign:

  • IT managers
  • Operations managers
  • Facility managers (2-4 people maximum)

Manager

Create and manage assets, limited admin access

  • Create and edit assets
  • Log and update maintenance
  • Assign assets to users/locations
  • Upload documents and images
  • Run reports

Cannot do:

  • Delete assets or maintenance records
  • Manage categories, locations, or users
  • Access billing or system settings

When to assign:

  • Department heads
  • Supervisors
  • Field technicians (most operational users)

Viewer

Read-only access

  • View all assets and reports
  • Export data to CSV
  • See maintenance history

Cannot do:

  • Create, edit, or delete anything
  • Upload files
  • Log maintenance

When to assign:

  • External auditors
  • Contractors
  • Temporary consultants
  • Executives who only need visibility

Changing a User's Role

Step-by-Step

  1. Go to Settings → Users
  2. Find user in the list
  3. Click the Role dropdown (current role shown)
  4. Select new role:
    • Owner (cannot select - requires ownership transfer)
    • Admin
    • Manager
    • Viewer
  5. Role updates immediately

No confirmation dialog. Change is instant.

What Happens After Change

User already logged in:

  • New permissions apply on next page load
  • User may need to refresh browser to see UI changes
  • Sessions remain valid (no forced logout)

User navigates to restricted page:

  • If demoted (Admin → Manager), loses access to Settings
  • Redirected to Dashboard if accessing forbidden area
  • No error message, just blocked access

Best practice: Notify user about role change via email or chat

Common Role Transitions

Scenario 1: Promote Manager to Admin

Situation: Facility Manager becomes Operations Director, needs system configuration access

Steps:

  1. Settings → Users → Find "John Smith"
  2. Change role from Manager to Admin
  3. Notify John: "You now have Admin access. You can configure categories, locations, and invite users."

Result:

  • John can now access Settings pages
  • Can manage categories and locations
  • Can invite new team members

Scenario 2: Demote Admin to Manager

Situation: IT Manager leaves operations role, no longer needs admin privileges

Steps:

  1. Settings → Users → Find "Jane Doe"
  2. Change role from Admin to Manager
  3. Notify Jane: "Your access has been adjusted. You retain asset management but can no longer configure system settings."

Result:

  • Jane loses Settings access
  • Retains ability to manage assets and log maintenance
  • Cannot delete assets or manage users

Scenario 3: Grant Temporary Viewer Access

Situation: External auditor needs read-only access for 30 days

Steps:

  1. Invite auditor with Viewer role (see Inviting Users guide)
  2. Auditor reviews inventory and exports reports
  3. After audit completes, remove user entirely (Settings → Users → Remove)

Result:

  • Auditor sees all data but cannot make changes
  • No risk of accidental modifications
  • Easy to remove when access no longer needed

Role Restrictions and Constraints

Cannot Change Your Own Role

System prevents changing your own role to avoid:

  • Accidental self-demotion (Admin → Viewer, now can't fix it)
  • Security risk (Manager escalating to Admin)

If you need your own role changed:

  • Ask another Admin or the Owner to change it

Cannot Change Owner Role

Owner role cannot be modified through role dropdown.

To change Owner:

  • Use Transfer Ownership feature (separate process)
  • See Transfer Ownership guide for details

Role Change is Immediate

Unlike some systems, UniAsset role changes apply instantly:

  • No approval workflow
  • No email verification
  • No logout/login required

Be careful:

  • Double-check before clicking
  • Accidental demotion can disrupt user workflow

Role Decision Matrix

Use this table to choose the appropriate role:

User Needs To...Minimum Required Role
Manage billing and subscriptionOwner
Delete organizationOwner
Transfer ownershipOwner
Invite usersAdmin
Configure categories/locationsAdmin
Delete assetsAdmin
Create and edit assetsManager
Log maintenanceManager
Upload documentsManager
View assets onlyViewer
Export dataViewer

Principle of Least Privilege: Assign the lowest role that gives the user what they need. Most users should be Managers or Viewers, not Admins.

Audit Trail

Every role change is logged in the system audit trail:

What's recorded:

  • User whose role changed
  • Old role → New role
  • Who made the change
  • Timestamp

Where to view:

  • Currently not visible in UI
  • Available to support team for security investigations

Future enhancement: Role change history visible in Settings → Users

Use Cases

Quarterly Access Review

Goal: Ensure users have appropriate access levels

Process:

  1. Go to Settings → Users
  2. Review each user's current role
  3. Ask: "Does this person still need this level of access?"
  4. Demote users who no longer need high privileges
  5. Document review in internal compliance records

Compliance value: Demonstrates least-privilege enforcement for audits

Onboarding Manager to Admin Path

Goal: New hire starts as Manager, earns Admin after training

Timeline:

  • Day 1: Invited as Manager (can create assets, log maintenance)
  • Week 4: Completes training, proven competent
  • Week 5: Promoted to Admin (now can configure categories, invite users)

Why gradual: Reduces risk of untrained users making system-wide changes

Offboarding Admin to Viewer

Goal: Employee leaving company, needs temporary access for knowledge transfer

Steps:

  1. Employee gives notice
  2. Demote from Admin → Viewer (prevents deletion or changes)
  3. Keep Viewer access for 2-week transition period
  4. Remove user completely after transition

Limitations

No Granular Permissions

UniAsset uses role-based access, not per-feature permissions.

You cannot:

  • Give Manager "delete asset" permission (Admin-only)
  • Restrict Admin from managing users (all Admins can)
  • Create custom roles (only 4 fixed roles)

Workaround:

  • Use next-higher role if user needs specific capability
  • Train users on what they should/shouldn't do
  • Rely on audit trail for accountability

No Temporary Elevated Access

Cannot grant temporary elevated permissions.

If user needs one-time Admin action:

  • Promote to Admin
  • User performs task
  • Demote back to Manager

Risk: User might forget to demote themselves (you must remember)

No Role Scheduling

Cannot schedule role changes (e.g., "Make Jane Admin starting next Monday").

Workaround:

  • Set calendar reminder
  • Manually change role on scheduled date

Frequently Asked Questions

Can a user have multiple roles?

No. Each user has exactly one role at a time. Choose the role that provides the necessary permissions.

What happens if I change someone's role while they're using the system?

Their permissions update on the next page load or action. They don't get logged out, but restricted features become unavailable immediately.

Can a Manager change another Manager's role?

No. Only Owner and Admin can change roles. Managers cannot access Settings → Users.

Can I bulk-change roles for multiple users?

No. Roles must be changed one user at a time through the UI.

Workaround for large teams: Contact support for bulk role updates (requires verification).

If I demote all Admins, can I recreate them?

Yes. The Owner can always create new Admins. The Owner cannot be removed, so you'll always have at least one high-privilege user.

Does changing someone's role affect their assigned assets?

No. Asset assignments are independent of user roles. A user demoted from Admin to Viewer still has the same assigned assets.

Best Practices

1. Limit High-Privilege Roles

  • Owner: 1 person only
  • Admins: 2-4 trusted individuals maximum
  • Most users: Manager or Viewer

Too many Admins increase risk of accidental deletions or unauthorized changes.

2. Regular Access Reviews

Every quarter:

  1. Review Settings → Users list
  2. Check if roles are still appropriate
  3. Demote users who no longer need high privilege
  4. Remove users who left the organization

3. Document Role Assignment Rationale

Keep internal record of why each user has their role:

  • "Jane Doe - Admin - IT Manager responsible for system configuration"
  • "Bob Smith - Manager - Facilities Supervisor, logs maintenance"
  • "Alice Johnson - Viewer - External accountant, audits asset values quarterly"

Helps justify access during audits.

4. Notify Users of Role Changes

Don't surprise users with demotions:

  • Email: "Your role has been changed from Admin to Manager effective today."
  • Explain why: "As you're transitioning to a new department, you no longer need system configuration access."
  • Clarify what they can still do

5. Test Role Changes in Non-Production (if available)

If you have a test/staging environment:

  • Test role changes there first
  • Verify user still has necessary access
  • Then apply to production

Troubleshooting

"I changed someone's role but they still see Admin menus"

Cause: User's browser cached the old UI.

Solution: Ask user to:

  1. Refresh browser (Ctrl+F5 or Cmd+Shift+R)
  2. Or log out and log back in

"I can't change a user's role"

Possible causes:

  1. You're trying to change the Owner (use Transfer Ownership instead)
  2. You're trying to change your own role (ask another Admin)
  3. You don't have permission (must be Owner or Admin)

"User says they can't access something after promotion"

Cause: Browser hasn't reloaded permissions.

Solution:

  1. User refreshes page
  2. User logs out and back in
  3. Wait 1-2 minutes for session to update

Related Articles

Need Help?

Questions about role management?

Need Help?

If you have questions not covered in this article, our support team is here to help.

Contact Support