The interface for setting up ACLs and using them to manage station access and use, is awesome, it’s clear, easy to use and easy to setup.
The interface around roles, for managing access to division hangars and containers within them, is complicated (I still don’t think I understand it) and inflexible, and really just doesn’t work the way it should.
I suggest removing all the hangar roles, and replacing them with acls. Either allow individual containers or hangers, to have an acl (either admin/manager = read/write, member = read), or individual acls for each permission read or write. Even better would be to allow profiles to be setup, for hangars/containers allowing further configuration of who has read/write/log in the profile, then the profile could be applied to multiple things (like division 1 hangar in each station, except one).
I would also suggest moving the profile managment section, into access control, as a better fit for that kind of thing.