Page access (Menus tab) — can the user even reach the page?

Scope (By Project, By Definition, per-report, per-layer) — which items inside the page are visible?

Action (Edit, Delete, Create, etc. in the General sections) — what can the user do to those items?

Edit — Allows editing asset elements from Asset Summary, Asset Registry inline edit, and the bulk-edit dialog. With this off, asset pages load read-only.

Edit Read Only Elements — Unlocks asset elements that the Asset Definition Manager has marked as read-only. Has no effect without Edit.

Toggle Hidden Element Fields — Lets the user reveal asset elements marked as non-visible in the definition. Without it, those fields never appear in Asset Summary, the registry grid, or the create form.

Delete — Shows the Delete option in the Asset Summary action menu and enables bulk delete in the Asset Grid.

Create/Delete Public Links — Lets the user generate a shareable public URL for an Asset Summary page (and revoke it later). Anyone with the link can view the asset summary without logging in.

Alter Location — Lets the user change an asset's location after it was first created. Without it, the location field is read-only on existing assets, even if the user can otherwise edit them.

Force Scan Tag for Create Asset — Forces the user to scan a tag instead of typing an asset number when creating an asset. Because the web app's Create Asset page only supports typing, enabling this permission automatically hides the Create Asset menu option for the group on the web — they will only be able to create assets from the mobile app.

Force Camera for Asset Photos — Forces the user to take a new photo with the camera rather than choosing one from their device's photo library.

View / Manage Sensitive Locations — Lets the user see the location of assets that have been marked as sensitive, and lets them toggle the sensitive flag on or off. With this off, the sensitive asset's pin will not appear on any map in the product. See the Sensitive Asset Locations article for the full workflow.

Edit — Allows editing tasks from Task Summary and the Task Grid. Without it, tasks load read-only.

Delete — Shows the Delete action on Task Summary and enables bulk delete in the Task Grid.

Change Task Date/Recorded By — Unlocks the recorded date and recorded by fields in the task editor so they can be reassigned after the fact. Without it, those fields are visible but locked.

Change Task Name/Asset Number — Unlocks the task name and asset number fields in the task editor. Changing the asset number effectively re-points the task to a different asset.

Edit Read Only Elements — Unlocks task elements that the Task Definition Manager has marked as read-only. Has no effect without Edit.

Alter Location — Lets the user change a task's recorded location after it was first recorded. Without it, the location field is read-only on existing tasks.

Force Scan Tag for Record Task — Forces the user to scan a tag instead of typing an asset number when recording a task. Because the web app's Record Task page only supports typing, enabling this permission automatically hides the Record Task menu option for the group on the web — they will only be able to record tasks from the mobile app.

Force Camera for Task Photos — Forces the user to take a new photo with the camera rather than choosing one from their device's photo library.

Add Contacts — Shows the Notify Contacts picker on the Record Task page, letting the user send an email to one or more contacts when the task is recorded.

Toggle Hidden Element Fields — Lets the user reveal task elements marked as non-visible in the definition. Without it, those fields never appear in the task editor or grid.

View — User can view every task of this definition, regardless of who recorded it.

View Only Own — User can only see tasks of this definition that they themselves recorded. They must still have permission to view the task definition itself for this to work.

Create (Edit) — User can create tasks using this definition. To edit tasks afterwards, they also need the Edit permission in the General section above.

Create/Edit — Shows the Create button in Work Order Manager and unlocks every field on the work order form. Enabling this automatically also grants View Company Work Orders for the group.

Delete — Shows the Delete action on a work order. Deletion is permanent.

Change Status — Lets the user change the overall status of a work order (e.g. Waiting→ In Progress).

Change Line Item Status — Lets the user change status on individual line items within a work order. Granted by default to every group; useful to leave on even for technicians who shouldn't change the parent work order's status.

Mark as Complete — Shows the Mark Complete action on a work order. Useful to restrict to supervisors so that only they can sign off on finished work.

Reopen — Allows a work order that is marked as complete to have its status changed back to a non-complete status.

View Company Work Orders — Required to see all work orders in the company on the Work Order Manager. Without it, users only see work orders they were assigned to or are following.

Work Order Template Create/Edit/Delete — Controls access to the Work Order Templates page, where reusable work order blueprints are managed. Distinct from creating individual work orders.

Create/Edit — Shows the New Report button on the Reports page and lets the user edit existing reports.

Delete — Shows the Delete action/button.

Rename — Shows the Rename action/button. Independent of Create/Edit — a user can be allowed to rename without being allowed to edit the underlying query.

Create/Manage Public Links — Lets the user generate a shareable public URL for a report, and revoke it later. Anyone with the link can view the report without logging in.

Create Global Layouts — Lets the user create dashboard layouts that are shared with everyone in the company.

Create Private Layouts — Lets the user create personal dashboard layouts visible only to themselves. Granted to every group by default.

Asset Registry — The main asset registry and grid view.

View Tasks — The main task grids.

Create Asset — Page for creating an asset. Automatically hidden if Force Scan Tag for Create Asset is enabled.

Record Task — Page for recording a task. Automatically hidden if Force Scan Tag for Record Task is enabled.

Clone Asset — Utility to clone an existing asset.

Replace Tag — Utility to replace the tag on an existing asset (i.e. the tag was damaged, etc.).

Map — Map view with layers, geofences, and asset/task locations.

Geofences — Geofence manager.

Reports — Interface for creating and managing reports.

Projects — Interface for managing projects.

Project Schedules — Interface(s) for managing project and enterprise schedules (only visible if the Project Schedules module is enabled). See Enabling Project Schedules.

Resource Definition Manager — Resource template library used by Project Schedules (only visible if Project Schedules is enabled).

Work Order Manager — Card-style view of work orders (only with Work Orders module).

Work Order Grid — Tabular view of work orders (only with Work Orders module).

Work Order Templates — Reusable work order blueprints (only with Work Orders module).

Asset Definition Manager — Manage asset definition templates and elements.

Task Definition Manager — Manage task definition templates and elements.

Automation Manager — Configure trigger-based automations.

Data Set Manager — Manage custom data sets used by reports and the API.

List Manager — Manage shared dropdown lists used by element definitions.

Contact Manager — Manage contacts used in notifications.

User Manager — Manage users and their permission group assignments.

User Create — The new user form.

Permission Manager — Page for managing user permission groups.

Company Profile — Company-level settings, branding, and integrations.

Audit Log — System-wide audit trail.

Notification Log — History of notifications sent.

Tracking Hardware — Manage telematics devices and beacons.

Mass Import — Bulk-import assets from a spreadsheet.

My Time Cards — Personal time card entry (Time Cards module only).

Foreman Entry / Approval — Crew time entry and approval (Time Cards module only).

Export Time Cards — Export approved time cards for payroll (Time Cards module only).

Dashboard — Mobile dashboard.

Create Asset — Create an asset.

Record Task(s) — Record one or more tasks.

Asset Summary — Open an asset's summary page.

Map Search — Search and view assets on the map.

Clone Asset — Utility to clone an asset.

Replace Tag — Utility to replace the tag on an asset.

Reports — View and run reports.

Work Orders — View and update work orders (Work Orders module only).

My Time Cards — Submit personal time cards (Time Cards module only).

Help — In-app help.

Manage Layers — Lets the user create, edit, and delete all map layers and folders (feature, raster, and tile). Implies view access to all of them.

View All Layers — Lets the user see all map layers and folders.

Manage Map Layouts — Lets the user create, rename, and delete saved map layouts (zoom + visible-layer presets).

View All Map Layouts — Lets the user open saved map layouts.

Create / Edit / Delete Geofences — Lets the user manage geofence zones from the Geofences page.

Create/Edit — Lets the user save a new grid layout or edit an existing one.

Delete — Lets the user delete a saved layout.

Rename — Lets the user rename a saved layout.

Create/Edit — Shows the New Project button on the Projects page and unlocks the project edit fields.

Delete — Shows the Delete action on a project. Deleting a project removes its grouping but does not delete the assets inside it.

Undo — Shows the Undo action on rows in the Audit Log, letting the user revert recorded changes (e.g. restore a deleted asset). Typically restricted to admins.

Delete — Lets the user delete file attachments from assets and tasks.

Rename — Lets the user rename file attachments.

Upload — Shows the Upload button in the Files area of an asset or task.

Create/Edit — Lets the user create new lists and edit list contents in List Manager.

Move — Lets the user move lists between folders in List Manager.

Delete — Lets the user delete lists. Deleting a list can break elements that reference it; do this carefully.

Upload — Shows the Upload button in the images gallery of an asset or task.

Replace — Shows the Replace action on an existing image, letting the user swap it without losing its place in the gallery.

Delete — Lets the user delete an image.

Rotate — Shows the rotate button in the images gallery.

Create/Edit — Lets the user create and edit links attached to assets on the Asset Links page and through asset link rules.

Install/Remove — Lets the user attach a telematics device to an asset or detach an existing one. Does not technically control whether the user can see telematics data — that is governed by per-asset and per-project permissions.

Attach/Remove — Shows the attach/remove controls in the Asset Beacon widget on Asset Summary, letting the user pair or unpair a beacon with the asset.

Endpoint Access — [Deprecated] Allows the user's credentials to authenticate against Nektar's Legacy V1 API. This permission exists for the V1 API, which is no longer receiving updates. Most modern integrations should use the current API instead - See API Credentials in Company Settings.

User is Foreman — Marks the user as a foreman in the Time Cards module. Foremen can enter and approve time cards on behalf of their crew on the Foreman Entry / Approval page; non-foremen only see their own time cards.

For an overview of how permission groups work, see Permission Group.

To set per-project access from the Project page, see Set Project Permissions.

To set per-asset-definition access from the Asset Definition Manager, see Manage Asset Definition Permissions.

To set per-task-definition access from the Task Definition Manager, see Manage Task Definition Permissions.

For the Work Orders permission workflow specifically, see Manage Work Order Permissions.