User Roles & Permissions¶
MyWestock uses role-based access control (RBAC). Every user has exactly one role, which determines which screens, actions, and data they can access.
Role overview¶
| Role | Typical user | Key capabilities |
|---|---|---|
| Admin | System administrator | Full access to everything |
| Support | Helpdesk / implementation team | Full back-office + My Team management |
| Back Office | Head office finance/ops | Dashboard, ledger, reports, deliveries |
| Retail Manager | Regional manager | Multi-site oversight, site visits |
| Territory Manager | Area representative | Site visits, support tickets |
| Station Manager | Forecourt manager | Daily captures, day-end reconciliation |
| Maintenance | Technical/service team | Equipment records, support tickets |
| Field Capture | Forecourt attendant | Mobile-only nozzle & dip readings |
Permission matrix¶
| Feature | Admin | Support | Back Office | Retail Mgr | Territory Mgr | Station Mgr | Maintenance | Field Capture |
|---|---|---|---|---|---|---|---|---|
| Back-office dashboard | ✓ | ✓ | ✓ | — | — | — | — | — |
| Sites list & detail | ✓ | ✓ | ✓ | ✓ | — | — | — | — |
| Ledger | ✓ | ✓ | ✓ | — | — | — | — | — |
| Reports | ✓ | ✓ | ✓ | — | — | — | — | — |
| Deliveries (back office) | ✓ | ✓ | ✓ | — | — | — | — | — |
| External feeds | ✓ | ✓ | ✓ | — | — | — | — | — |
| Master data | ✓ | ✓ | ✓ | ✓ | — | — | — | — |
| Quick Update captures | ✓ | ✓ | — | — | — | ✓ | — | — |
| Station portal | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | — |
| Day end | ✓ | ✓ | ✓ | ✓ | — | ✓ | — | — |
| Site visits | ✓ | ✓ | — | ✓ | ✓ | — | — | — |
| Support tickets | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | — |
| Mobile field captures | ✓ | ✓ | — | — | — | ✓ | — | ✓ |
| User management (all) | ✓ | — | — | — | — | — | — | — |
| My Team | ✓ | ✓ | — | — | — | — | — | — |
| Global settings | ✓ | — | — | — | — | — | — | — |
| Integrations | ✓ | — | — | — | — | — | — | — |
| Audit log | ✓ | — | — | — | — | — | — | — |
| Reopen day end | ✓ | ✓ | — | ✓ | — | — | — | — |
| Override QU lock | ✓ | ✓ | — | — | — | — | — | — |
How roles are assigned¶
Roles are assigned when a user account is created and can be changed at any time by an Admin (via User Management) or a Support user (via My Team — for non-admin/support roles).
A user can only have one role at a time. To give a user broader access, change their role — do not create duplicate accounts.
Location assignment¶
Back-office roles (Admin, Support, Back Office) automatically see all locations.
Other roles (Retail Manager, Territory Manager, Station Manager, Maintenance, Field Capture) must be explicitly assigned to one or more locations before they can access those sites.
Location assignment is managed on the user's edit form in User Management.