diff --git a/tests/Feature/Assets/Ui/DeleteAssetTest.php b/tests/Feature/Assets/Ui/DeleteAssetTest.php
index 915247109e..948f0d6833 100644
--- a/tests/Feature/Assets/Ui/DeleteAssetTest.php
+++ b/tests/Feature/Assets/Ui/DeleteAssetTest.php
@@ -16,6 +16,8 @@ class DeleteAssetTest extends TestCase
         $this->actingAs($user)
             ->delete(route('hardware.destroy', $asset))
             ->assertRedirect(route('hardware.index'));
+
+        $this->assertSoftDeleted($asset);
     }
 
     public function test_asset_cannot_be_deleted_without_permissions()
@@ -26,6 +28,8 @@ class DeleteAssetTest extends TestCase
         $this->actingAs($user)
             ->delete(route('hardware.destroy', $asset))
             ->assertForbidden();
+
+        $this->assertModelExists($asset);
     }
 
 }
\ No newline at end of file
diff --git a/tests/Feature/Assets/Ui/EditAssetTest.php b/tests/Feature/Assets/Ui/EditAssetTest.php
index ebe7bf9a97..d085036f2b 100644
--- a/tests/Feature/Assets/Ui/EditAssetTest.php
+++ b/tests/Feature/Assets/Ui/EditAssetTest.php
@@ -68,6 +68,19 @@ class EditAssetTest extends TestCase
         $this->assertDatabaseHas('assets', ['asset_tag' => 'New Asset Tag']);
     }
 
+    public function test_user_without_permission_is_denied()
+    {
+        $user = User::factory()->create();
+        $asset = Asset::factory()->create();
+
+        $this->actingAs($user)->put(route('hardware.update', $asset), [
+            'name'       => 'New name',
+            'asset_tags' => 'New Asset Tag',
+            'status_id'  => StatusLabel::factory()->create()->id,
+            'model_id'   => AssetModel::factory()->create()->id,
+        ])->assertForbidden();
+    }
+
     public function testNewCheckinIsLoggedIfStatusChangedToUndeployable()
     {
         Event::fake([CheckoutableCheckedIn::class]);
diff --git a/tests/Feature/Assets/Ui/StoreAssetTest.php b/tests/Feature/Assets/Ui/StoreAssetTest.php
index 51dfd3806a..560dec4125 100644
--- a/tests/Feature/Assets/Ui/StoreAssetTest.php
+++ b/tests/Feature/Assets/Ui/StoreAssetTest.php
@@ -131,4 +131,19 @@ class StoreAssetTest extends TestCase
         $this->assertDatabaseHas('assets', array_merge($commonData, ['asset_tag' => 'TEST-ASSET-2', 'serial' => 'TEST-SERIAL-2', 'image' => $storedAsset2->image]));
     }
 
+    public function test_user_without_permission_denied()
+    {
+        $user = User::factory()->create();
+        $model = AssetModel::factory()->create();
+        $status = Statuslabel::factory()->readyToDeploy()->create();
+
+        $this->actingAs($user)->post(route('hardware.store'), [
+            'redirect_option' => 'index',
+            'name'            => 'Test Assets',
+            'model_id'        => $model->id,
+            'status_id'       => $status->id,
+            'asset_tags'      => ['', 'TEST-ASSET-1'],
+            'serials'         => ['', 'TEST-SERIAL-1'],
+        ])->assertForbidden();
+    }
 }
\ No newline at end of file