User Roles & Permissions
Overview
ARMOR's Inventory Management system supports three distinct user roles, each with specific capabilities and access levels. Understanding these roles helps you organize your inventory team and maintain appropriate security controls.
The Three User Roles
| Role | Access Method | Database Visibility | Typical Users |
|---|---|---|---|
| Administrator | Full ARMOR portal login | Complete access | Managers, IT staff, asset coordinators |
| Assigned User | ARMOR portal login | Limited to assigned inventory | Internal staff, department leads |
| External User | Unique URL/QR (no login) | No database visibility | Temp staff, contractors, auditors |
Administrator Role
Who Qualifies
Administrators are ARMOR users with asset management permissions. They have full control over inventory creation, processing, and reporting.
Capabilities
- Create Inventories: Set up new inventory sessions for any site
- Manage Users: Assign internal users and generate blind links
- Process Submissions: Access Match, Review & Process, and Results tabs
- Update Assets: Modify asset records during processing
- Generate Reports: Export inventory results in multiple formats
- Monitor Progress: View real-time completion metrics for all users
- Resolve Issues: Handle flagged submissions and duplicate entries
- Change Status: Move inventory from draft to active to completed
Access Scope
- View and manage all inventories they created
- Access complete asset database for their authorized sites
- See all user submissions and processing history
- Generate organization-wide inventory reports
Security Considerations
- Administrators can see and modify asset financial data
- They control who gets invited to inventories
- They can delete inventories and submissions
- Limit administrator role to trusted personnel
Best Practice: Designate 1-2 administrators per inventory to maintain accountability and audit trail clarity.
Assigned User Role
Who Qualifies
Assigned users are ARMOR portal users who have been explicitly added to an inventory. They must have login credentials and appropriate permissions.
Capabilities
- Submit Asset Scans: Scan and verify assets using portal or mobile app
- View Expected Assets: See the list of assets expected at the site
- Add Notes: Include observations, conditions, or issues
- Track Own Progress: Monitor personal completion percentage
- Update Asset Details: Modify location, condition, and other fields (if permitted)
Access Scope
- View only the inventory they're assigned to
- See asset records for the specific inventory site
- Cannot create or delete inventories
- Cannot process submissions or generate final reports
- Cannot see other users' submissions (except their own)
When to Use Assigned Users
- Internal staff conducting routine equipment checks
- Department leads responsible for their area
- On-site managers performing quarterly audits
- Trusted employees who need database context
Security Considerations
- Assigned users can see existing asset data
- They know what's supposed to be at the site
- This visibility can lead to confirmation bias
- For truly unbiased counts, use external users instead
External User Role (Blind Capture)
Who Qualifies
External users are anyone with access to the unique inventory URL or QR code. They do NOT need ARMOR accounts, portal access, or any system credentials.
Capabilities
- Scan Assets: Submit asset identifiers via mobile device
- Capture Photos: Attach images of assets or conditions
- Add Notes: Include observations or questions
- Manual Entry: Type asset IDs if scanning isn't possible
- Real-time Feedback: Receive confirmation after each submission
Access Scope
- NO DATABASE ACCESS: Cannot see existing asset records
- NO VISIBILITY: Don't know what assets are expected
- SUBMISSION ONLY: Can only submit scans, not view results
- NO REPORTS: Cannot generate or export inventory data
- SINGLE INVENTORY: Link grants access to one specific inventory only
Key Security Feature: External users operate in a "blind" environment. They scan what they physically see without knowing if it matches your records. This prevents bias and ensures accurate audit results.
When to Use External Users
- Annual compliance audits requiring unbiased verification
- Large-scale inventories with many temporary workers
- Third-party auditors conducting independent reviews
- Contractor teams performing facility-wide scans
- Seasonal staff helping with periodic counts
- Security reasons: When users shouldn't see your asset database
How External Access Works
- Administrator generates a unique URL or QR code
- Link is distributed via email, SMS, or printed QR codes
- User clicks link or scans QR on their mobile device
- Simple web interface opens (no app installation required)
- User scans assets and submits entries
- Submissions flow to administrator for processing
Security Considerations
- Anyone with the link can submit: Treat link like a password
- No authentication: System doesn't verify who's submitting
- Link validity: Links remain active until inventory is completed
- Submission tracking: System logs timestamps and device info
- Administrator review: All external submissions require approval
Security Tip: Don't share blind inventory links publicly. Distribute only to authorized participants and treat links as confidential.
Role Comparison Matrix
| Permission | Administrator | Assigned User | External User |
|---|---|---|---|
| Create inventory | ✅ | ❌ | ❌ |
| Submit asset scans | ✅ | ✅ | ✅ |
| View existing assets | ✅ | ✅ (limited) | ❌ |
| Process submissions | ✅ | ❌ | ❌ |
| Generate reports | ✅ | ❌ | ❌ |
| Invite other users | ✅ | ❌ | ❌ |
| Update asset records | ✅ | ⚠️ (limited) | ❌ |
| Track progress | ✅ (all users) | ✅ (own only) | ❌ |
| Requires ARMOR login | ✅ | ✅ | ❌ |
Choosing Roles for Your Team
Small Internal Team (5-10 people)
- 1 Administrator: Project lead who creates inventory and processes results
- 5-10 Assigned Users: Internal staff conducting the count
- 0 External Users: Not needed for small trusted teams
Large Multi-Site Audit (50+ people)
- 2-3 Administrators: Managers who process submissions in parallel
- 5-10 Assigned Users: Department leads for high-value equipment
- 40-100 External Users: Temporary staff, contractors, field workers
External Auditor Scenario
- 1 Administrator: Your internal audit coordinator
- 0 Assigned Users: Keep auditors independent
- 3-5 External Users: Third-party auditors using blind links
Managing User Access
Adding Assigned Users
- Navigate to inventory details
- Click "Assign Users"
- Search for users by name or email
- Select users and save
- Users receive email notification with inventory details
Generating External User Links
- Open inventory details
- Click "Generate Blind Link" or "Generate QR Code"
- Copy unique URL
- Distribute via email, SMS, or print QR codes
- Users access inventory via link (no login required)
Removing Users
- Assigned Users: Remove from user list (submissions remain)
- External Users: Cannot revoke individual access; complete the inventory to invalidate link
Important: Once an external link is distributed, anyone with that link can submit until the inventory is completed or cancelled. There's no way to revoke access for specific individuals.
Permission Best Practices
For Administrators
- Limit to 1-2 people per inventory for accountability
- Ensure administrators understand Match/Review/Results workflow
- Designate a backup administrator for large projects
- Train on resolving flagged submissions and duplicates
For Assigned Users
- Provide clear instructions on verification expectations
- Emphasize physical verification over database checking
- Train on mobile scanning techniques
- Set expectations for completion timelines
For External Users
- Distribute links only to authorized participants
- Include scanning instructions with link distribution
- Provide examples of asset identifiers to scan
- Set expectations: scan everything found, don't skip items
- Collect user names/emails separately for accountability
Common Permission Scenarios
"Can I give external users the ability to see their progress?"
No. External users operate in a blind environment by design. They don't have progress tracking because they don't know what's expected. This ensures unbiased scanning.
"Can assigned users process their own submissions?"
No. Only administrators can access the Match/Review/Results tabs. This maintains audit integrity and separation of duties.
"Can I convert an external user to an assigned user?"
Not directly. If an external user needs full access, they must be added as an assigned user (requires ARMOR login credentials). Their previous external submissions remain linked to the external user identity.
"What happens if someone shares the external link publicly?"
Anyone with the link can submit. However, administrators review all external submissions, so invalid entries can be rejected during processing. For sensitive inventories, use assigned users instead.
What's Next?
- Creating an Inventory - Step-by-step setup process
- Assigning Users & Sending Invites - Detailed user management guide
- Understanding Blind Inventory Capture - Deep dive into external user workflows
- Mobile Field Worker Workflows - How users participate from mobile devices
Getting Help
For assistance with user roles or permission issues, contact the ARMOR Support Team.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article