news Version 0.8.4.0 Released (27th May 2026) - v0.8.4 Community Hotfix: backup, update, Web Console, and firewall fixes.
logo ASA Server Manager
logo ASA Server Manager
Web UI Roles & Permissions (AASM v0.8.3) | ARK Ascended Server Manager

Web UI Roles & Permissions

Hand limited access to helpers without giving away admin

The AASM Web UI ships with four roles - admin, operator, dashboard, viewer - so you can hand a moderator access to restart servers and broadcast messages without giving them the ability to change configs, edit cluster settings, or read passwords.

v0.8.2 added server-side secret redaction (RCON passwords, server admin passwords, SFTP passwords) for viewer/dashboard roles - earlier builds masked only on the renderer.

Prerequisites:

  • Web UI already enabled (see Setting Up the Web UI).
  • Admin role on the Web UI - only admin can manage users.

The four roles at a glance

RoleRead configsSee passwordsStart/Stop/RestartEdit configsEdit cluster/modsManage users
admin
operator✓ (most)
dashboard✓ (limited)✗ (redacted)
viewer✓ (limited)✗ (redacted)

Step 1 - Open the Web UI and log in as admin

Browse to your Web UI URL (e.g. http://192.168.1.42:3000) and log in with the admin credentials.

Step 2 - Navigate to User Management

Click the gear / settings icon in the Web UI header → User Management. This view is admin-only and lists every Web UI user.

Step 3 - Create a new user

Click Add User. Fill in:

  • Username - what they'll log in with.
  • Password - 8+ chars, mixed case, ideally a passphrase.
  • Role - pick from admin / operator / dashboard / viewer based on the table above.

Step 4 - When to pick which role

  • admin - you and any trusted co-admin. Can do everything including managing other users.
  • operator - someone you trust to handle ops but not change who has access. Most moderators / co-owners.
  • dashboard - read-only with no secrets visible. Good for stream overlays, public status pages, or sharing a snapshot of server health.
  • viewer - lowest privilege; can see basic server status (online/offline, player count) but nothing config-related. Useful for community members who want to check if a server is up.

Step 5 - Test the role

Log out of admin, log back in as the new user, and verify they see only what their role allows. If a viewer/dashboard user can see a password anywhere, that's a bug - report it immediately.

Security audit (v0.8.2): server-side redaction now strips ServerAdminPassword, ServerPassword, pending password changes, and remote backup passwords from viewer/dashboard API responses at the /api/call boundary. Read-only endpoints can't leak secrets even if the renderer mask is bypassed.

Web UI Roles & Permissions - done

You can now delegate operational access without exposing passwords or config-edit rights. Audit your user list quarterly and remove anyone who no longer needs access.

Related Guides

Setting Up the Web UI

Enable the Web UI first.

View Guide
HTTPS Certificates

Encrypt the Web UI before WAN exposure.

View Guide
In-Game Admin Passwords

Different layer - this is the ARK server's own admin password.

View Guide
View Documentation Get Support