[Feature Request] Location & Asset Visibility Restrictions by User Assignment #143
Description
Feature Request: Location & Asset Visibility Restrictions by User Assignment
Problem / Use Case
I’m maintaining multiple fleets of charter yachts for different charter companies. These companies must be fully isolated from one another — charter company A should not know that charter company B exists, nor see any of its locations, assets, or details.
To model this, I’ve set up:
• Charter companies as top-level locations
• Individual yachts as sublocations
This structure works well organizationally, but the current permission model causes a serious privacy and confidentiality issue.
Current Behavior
• All users can see all locations and all assets, regardless of whether they are:
• Part of the team
• Assigned as a worker, vendor, or contractor
• Even requesters can see all locations and assets, because:
• When creating a work order, they must select a location and asset
• This exposes the entire location and asset hierarchy
As a result, users from one charter company can see the existence and details of other charter companies and their yachts.
Expected / Preferred Behavior
Users should only be able to see:
• Locations where they are:
• Part of the team, or
• Assigned as a worker, vendor, or contractor
• Assets that belong to those permitted locations
Specifically:
• Locations and assets outside a user’s assignments should be completely hidden
• Requesters should only be able to select from locations/assets they have access to
Why This Matters
• Prevents accidental data leakage between unrelated companies
• Enables service providers and managers to support multiple clients securely
• Aligns with least-privilege access principles
• Makes Atlas CMMS viable for charter fleet managers, MSPs, maintenance companies and similar multi-client operations
Thanks for considering this — happy to clarify or help test if needed.