This guide is designed to help Washstacks operators make informed decisions when configuring Roles and Permissions for their teams inside the Operations module. One of the most common questions we receive during training calls is, "What permissions should I give to this role?" The answer often depends on the size of the organization, the chain of command at each location, and how much oversight you want from your corporate team. This document walks through every permission setting available in the Operations module and provides our recommendations for who should have access to what.

Washstacks uses a permissions matrix made up of five possible actions for most features: View, Add, Edit, Delete, and Reports. Not every permission area uses all five actions — some are intentionally limited based on the design of the feature. Each section below explains what the action does, followed by a recommendation table and the reasoning behind that recommendation.

Before assigning permissions, it is important to understand what each checkbox actually does. In the Operations module, you will typically see five columns next to each permission row:

A useful rule of thumb: when in doubt, start with less and add more. It is easier to grant additional access when an employee asks for it than it is to recover from accidentally deleted data.

Throughout this document we will reference the following general role categories. Your organization may use different titles, but the responsibilities typically map directly to these groupings:

Checklists are the backbone of daily operational accountability inside Washstacks. They cover everything from opening and closing routines to weekly maintenance and safety walks. Because checklists drive what your team does every day, control over who can create and modify them is critical to keeping your operation consistent.

Only top management at each store, along with corporate-level management, should be allowed to add, edit, and delete checklists. This protects the integrity of your daily routines. If every assistant manager or attendant could change a checklist, you would quickly see drift in how tasks are performed from shift to shift. Everyone else — including assistant managers, CSAs, and attendants — should have View access only, so they can see and complete the checklists assigned to them but cannot alter the structure.

Washstacks also offers Checklists (Global) and Checklists (Multi-Site) permission rows. These follow the same logic as standard checklists. Global checklists allow Ad Hoc checklist creation, and Multi-Site checklists let you assign a single checklist across more than one location. We recommend reserving both of these for top store management and corporate management for the same consistency reasons described above.

If your organization uses Washstacks for nightly close outs, these permissions control who can count, reconcile, and finalize the day's money. Cash handling is one of the highest-risk areas in any retail operation, so it deserves careful thought.

Anyone who has the authority to handle the daily money should be able to View, Add, and Edit a close out. That includes assistant managers, shift managers, team leads, and key holders — basically anyone who might be closing the store on a given night and needs to count and rectify daily sales. However, only the top store manager and corporate management should have Delete access. You do not want supervisors, key holders, or team leads deleting financial data, even by accident. Removing the Delete checkbox for these mid-level roles creates an important guardrail while still giving them everything they need to do their job.

The Contacts area stores phone numbers, emails, and details for vendors, service providers, and other people your team interacts with regularly. While contact data may seem low-risk, it is often the first thing employees will leak or mishandle when they leave, so it pays to limit who can edit or remove records.

Give your top store-level management and corporate management full permissions. They are the people who will be onboarding new vendors and keeping records accurate. Everyone below that level should be limited to View access only. Your team still needs to be able to look up a vendor's phone number when something breaks at 6 a.m., but they do not need the ability to change or delete that information.

Tracking downtime is essential for understanding revenue loss, equipment reliability, and operational performance. The Downtime feature allows your team to log when the wash (or a piece of equipment) is offline so corporate can see patterns over time.

All levels of management at a store should be able to view, add, and edit downtime. There will be plenty of times when lower-level management — a team lead or key holder — is the one running a shift, and they need to be able to communicate that the site is down. Reaction time matters here, so do not block them. No one below a management level should have any access to downtime. Only top store management and corporate management should have full permissions, including the ability to delete records and view the downtime report.

Import Locations is an administrative feature intended for bulk setup of new sites in the Washstacks system. It is rarely used day-to-day.

Currently, the View and Add checkboxes for Import Locations have no functionality. Edit, Delete, and Reports are not applicable. This row may become active in a future release, but for now the recommendation focuses on the eventual intended use.

Only corporate-level management should have access to Import Locations. No one at the store level — including top managers — needs this. Bulk location imports affect the entire account structure and should be controlled tightly at the home office.

Import Parts allows users to bring in a list of parts from a CSV file rather than entering each one manually. This is a powerful feature that can quickly populate or change your parts inventory.

Just like Import Locations, only corporate-level management should have full access to Import Parts. No one at the store, including top managers, should have any access. CSV imports can overwrite or duplicate large amounts of inventory data in a single action, and that level of risk belongs at the home office.

The Library is where you store SOPs, training materials, MSDS sheets, equipment manuals, and any other reference documents your team needs. It is the central knowledge base for your operation.

All employees should have View access to the Library. The whole point of the Library is to make information accessible to everyone, so blocking visibility defeats the purpose. Only top store management and corporate management should have full access to add, edit, and delete documents. Document version control is important — you do not want five different versions of the same SOP floating around because everyone with the app can upload their own.

The Parts area tracks your equipment parts inventory — the bearings, pumps, hoses, and consumables you use to keep the wash running. Accurate parts data drives both your work order workflow and your replenishment decisions.

No one below management should have any access to anything Parts-related. Top store management, corporate management, and any maintenance managers should have full Parts access — they are the people responsible for inventory accuracy. Maintenance employees and technicians should have View access so they can look up part availability while they work on equipment, but they should not be able to add, edit, or delete inventory records. All other managers and supervisors should also be limited to View access. They may need to look up whether a part is in stock, but they do not need the ability to change inventory counts or delete part records.

Supplies typically refers to the soap, wax, towels, and other consumables that are stored at an off-site location like a home office or central warehouse. Because supplies inventory is usually managed centrally, the store-level permissions are intentionally narrow.

Anyone at the stores — management included — should only have View access to supplies. The store team needs to know what is available so they can plan and request what they need, but they should not be adding to, editing, or deleting central inventory records. Corporate or home office management should have full permissions, since they are the ones who actually receive shipments, stock the warehouse, and keep counts accurate.

Supply Requests is the bridge between your stores and your home office or warehouse. When a store runs low on a consumable, this is how they ask for it. Because supply requests turn into real-world shipments and dollars, the approval and fulfillment side should be locked down.

All store management should have View access so they can see what has been requested and track its status. Top store management and corporate management should also have Add access so they can place new supply orders when their location is running low. Only corporate-level management and supply managers should have full Edit and Delete permissions — they are the people actually processing, fulfilling, and closing out supply requests. Keeping Edit and Delete restricted prevents a store from changing or removing a request after it has been submitted, which protects the audit trail between the location and the home office.

Work Orders are the lifeblood of maintenance management in Washstacks. They track every repair, inspection, and improvement project across your sites. Getting Work Order permissions right is essential because this is where maintenance staff, store managers, and corporate visibility all intersect.

Top store-level managers, maintenance managers, and corporate managers should have all permissions, including Delete. Maintenance employees should have everything except Delete — they need to create and update work orders all day long, but you do not want a technician accidentally erasing a record that affects warranty tracking or compliance history. Other store management (assistant managers, shift managers) should be limited to View access so they can see what is open and plan around it, but should not be modifying work orders. Anyone below that — team leads, key holders, attendants, CSAs — should have no Work Order access at all. They are not part of the maintenance workflow and giving them access only creates noise.

As you work through your roles inside Washstacks, remember that permissions are not set in stone. You can always adjust as you learn more about how your team uses the system. The goal is to give every employee exactly what they need to do their job well — no more, no less. Too few permissions slows people down and creates frustration; too many permissions creates risk and inconsistency.

If you ever find yourself unsure whether to grant a specific permission, ask yourself three questions:

If the answer to the first two is yes and the third is "easy," grant the permission. If the recovery would be painful, hold the line and keep the permission with a more senior role.