Managing certificates on AmarEvents requires the event.certificate.manage permission, which is assigned to the Owner, Admin, and Event Manager roles by default. Members with only the ticket.view (read-only) permission cannot create, issue, or delete certificates. This restriction was a deliberate security fix to prevent unauthorized certificate issuance.