diff --git a/web/snapshots/brass_web__endpoints__vehicle__get_new__tests__inner_produces_template_fine_when_user_is_admin.snap b/web/snapshots/brass_web__endpoints__vehicle__get_new__tests__inner_produces_template_fine_when_user_is_admin.snap
new file mode 100644
index 00000000..c265a4f3
--- /dev/null
+++ b/web/snapshots/brass_web__endpoints__vehicle__get_new__tests__inner_produces_template_fine_when_user_is_admin.snap
@@ -0,0 +1,62 @@
+---
+source: web/src/endpoints/vehicle/get_new.rs
+expression: body
+snapshot_kind: text
+---
+<section class="section">
+  <div class="container"><form method="post" action="/vehicles/new">
+        <h1 class="title">Neues Fahrzeug anlegen</h1>
+
+        <div class="field is-horizontal">
+          <div class="field-label">
+            <label class="label">Funkkenner</label>
+          </div>
+          <div class="field-body">
+            <div class="field">
+              <div class="control">
+                <input class="input" type="text" name="radio_call_name" required placeholder="11.49.1" />
+              </div>
+            </div>
+          </div>
+        </div>
+
+        <div class="field is-horizontal">
+          <div class="field-label">
+            <label class="label">Wache</label>
+          </div>
+          <div class="field-body">
+            <div class="field">
+              <div class="control">
+                <input class="input" type="text" name="station" required placeholder="FF Leipzig Ost" />
+              </div>
+            </div>
+          </div>
+        </div>
+
+        <div class="field is-horizontal">
+          <div class="field-label"></div>
+          <div class="field-body">
+            <div class="field is-grouped">
+              <div class="control">
+                <button class="button is-success">
+                  <svg class="icon">
+                    <use href="/static/feather-sprite.svg#check-circle" />
+                  </svg>
+                  <span>Erstellen</span>
+                </button>
+              </div>
+              <div class="control">
+                <a class="button is-link is-light" hx-boost="true" href="/vehicles">
+                  <svg class="icon">
+                    <use href="/static/feather-sprite.svg#arrow-left" />
+                  </svg>
+                  <span>Zurück</span>
+                </a>
+              </div>
+            </div>
+          </div>
+        </div>
+
+      </form>
+  </div>
+</section>
diff --git a/web/src/endpoints/vehicle/get_new.rs b/web/src/endpoints/vehicle/get_new.rs
index e7dc4695..e9a9fc59 100644
--- a/web/src/endpoints/vehicle/get_new.rs
+++ b/web/src/endpoints/vehicle/get_new.rs
@@ -8,7 +8,7 @@ use crate::{
 
 #[actix_web::get("/vehicles/new")]
 pub async fn get(user: web::ReqData<User>) -> Result<impl Responder, ApplicationError> {
-    if user.role != Role::Admin {
+    if user.role != Role::Admin && user.role != Role::AreaManager {
         return Err(ApplicationError::Unauthorized);
     }
 
@@ -19,3 +19,57 @@ pub async fn get(user: web::ReqData<User>) -> Result<impl Responder, Application
 
     Ok(template.to_response()?)
 }
+
+#[cfg(test)]
+mod tests {
+    use crate::{
+        models::{Function, Role},
+        utils::test_helper::{
+            assert_snapshot, read_body, test_get, DbTestContext, RequestConfig, StatusCode,
+        },
+    };
+    use brass_macros::db_test;
+
+    #[db_test]
+    async fn returns_not_found_for_user(context: &DbTestContext) {
+        let app = context.app().await;
+
+        let config = RequestConfig::new("/vehicles/new");
+
+        let response = test_get(&context.db_pool, &app, &config).await;
+        assert_eq!(StatusCode::UNAUTHORIZED, response.status());
+    }
+
+    #[db_test]
+    async fn area_manager_can_edit(context: &DbTestContext) {
+        let app = context.app().await;
+
+        let config = RequestConfig {
+            uri: "/vehicles/new".to_string(),
+            role: Role::AreaManager,
+            function: vec![Function::Posten],
+            user_area: 1,
+        };
+
+        let response = test_get(&context.db_pool, &app, &config).await;
+        assert_eq!(StatusCode::OK, response.status());
+    }
+
+    #[db_test]
+    async fn produces_template_fine_when_user_is_admin(context: &DbTestContext) {
+        let app = context.app().await;
+
+        let config = RequestConfig {
+            uri: "/vehicles/new".to_string(),
+            role: Role::Admin,
+            function: vec![Function::Posten],
+            user_area: 1,
+        };
+
+        let response = test_get(&context.db_pool, &app, &config).await;
+        assert_eq!(StatusCode::OK, response.status());
+
+        let body = read_body(response).await;
+        assert_snapshot!(body);
+    }
+}
diff --git a/web/src/endpoints/vehicle/post_new.rs b/web/src/endpoints/vehicle/post_new.rs
index 4689dd7f..71d9894d 100644
--- a/web/src/endpoints/vehicle/post_new.rs
+++ b/web/src/endpoints/vehicle/post_new.rs
@@ -13,7 +13,7 @@ pub async fn post(
     pool: web::Data<PgPool>,
     form: web::Form<VehicleForm>,
 ) -> Result<impl Responder, ApplicationError> {
-    if user.role != Role::Admin {
+    if user.role != Role::Admin && user.role != Role::AreaManager {
         return Err(ApplicationError::Unauthorized);
     }
 
@@ -24,3 +24,60 @@ pub async fn post(
         .insert_header(("HX-LOCATION", "/vehicles"))
         .finish())
 }
+
+#[cfg(test)]
+mod tests {
+    use actix_http::StatusCode;
+    use brass_macros::db_test;
+
+    use crate::{
+        endpoints::vehicle::VehicleForm,
+        models::{Role, Vehicle},
+        utils::test_helper::{test_post, DbTestContext, RequestConfig},
+    };
+
+    #[db_test]
+    async fn creates_vehicle_when_user_is_admin(context: &DbTestContext) {
+        works_for_role(context, Role::Admin).await;
+    }
+
+    #[db_test]
+    async fn creates_vehicle_when_user_is_area_manager(context: &DbTestContext) {
+        works_for_role(context, Role::AreaManager).await;
+    }
+
+    async fn works_for_role(context: &DbTestContext, role: Role) {
+        let app = context.app().await;
+
+        let config = RequestConfig::new("/vehicles/new").with_role(role);
+
+        let request = VehicleForm {
+            station: "FF Leipzig Ost".to_string(),
+            radio_call_name: "11.49.1".to_string(),
+        };
+
+        let response = test_post(&context.db_pool, app, &config, request).await;
+
+        assert_eq!(StatusCode::FOUND, response.status());
+
+        let created_vehicle = Vehicle::read(&context.db_pool, 1).await.unwrap().unwrap();
+
+        assert_eq!("11.49.1".to_string(), created_vehicle.radio_call_name);
+    }
+
+    #[db_test]
+    async fn returns_unauthorized_when_user_is_staff(context: &DbTestContext) {
+        let app = context.app().await;
+
+        let config = RequestConfig::new("/vehicles/new");
+
+        let request = VehicleForm {
+            station: "FF Leipzig Ost".to_string(),
+            radio_call_name: "11.49.2".to_string(),
+        };
+
+        let response = test_post(&context.db_pool, app, &config, request).await;
+
+        assert_eq!(StatusCode::UNAUTHORIZED, response.status());
+    }
+}