How to create a custom security role for assets