Role Definitions

Owner

The Owner has unrestricted access to the workflow. They can design, execute, share the workflow with others, and permanently delete it. A workflow must always have at least one Owner. Transferring ownership is done by assigning another user as Owner — you cannot remove the last Owner without transferring.

Editor

Editors can do everything an Owner can do except share the workflow and delete it. They can edit the canvas, configure nodes, create and delete ProcessThreads, and trigger executions. Editors are the right choice for team members who build and maintain workflows but should not control access.

Viewer

Viewers have read-only access. They can see the canvas, browse execution history, and inspect node outputs in the Observer Panel. They cannot trigger a new execution or make any changes. Use this role for stakeholders who need visibility without modification privileges.

Executor

Executors can trigger workflow execution but cannot see the canvas design. This role is intended for:

Role Enum (C# Backend)

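public enum ProcessAccessRole
{
    Owner    = 1,   // Full access: design, execute, share, delete
    Editor   = 2,   // Design and execute; cannot share or delete
    Viewer   = 3,   // Read-only; cannot execute or modify
    Executor = 4    // Can trigger execution; cannot see the canvas design
}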

ActorType — User vs. Group

Access can be granted to individual users or to groups (roles in the IAM system). When a group is granted access, all members of that group inherit the workflow role.

public enum ProcessActorType
{
    User  = 1,   // Individual user by userId
    Group = 2    // IAM group / role — all members inherit
}

Role Hierarchy

Roles form a hierarchy. A higher role implicitly includes all permissions of lower roles:

Owner > Editor > Viewer > Executor (for design permissions)
Owner > Editor > Executor (for execution permission)

When checking CanView, any role grants the check. When checking CanEdit, only Owner or Editor passes. When checking CanExecute, Owner, Editor, or Executor passes (but not Viewer).
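
The three checks above, written as an added example (not the product's own code) that resolves a user's direct and group grants and tests them against explicit allow-sets instead of comparing enum numbers. The Grant record, the AccessChecker and Demo classes, the sample data, and the rule that a user's effective roles are the union of all matching grants are assumptions; the page does not say how multiple grants combine.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

public enum ProcessAccessRole { Owner = 1, Editor = 2, Viewer = 3, Executor = 4 }
public enum ProcessActorType { User = 1, Group = 2 }

// Hypothetical grant row: one actor (user or group) holding one role on one workflow.
public record Grant(ProcessActorType ActorType, string ActorId, ProcessAccessRole Role);

public static class AccessChecker
{
    // Explicit allow-sets. A numeric test such as (role <= Viewer) for CanExecute would
    // admit Viewer (3) and reject Executor (4), the opposite of the documented rule.
    static readonly HashSet<ProcessAccessRole> Edit =
        new() { ProcessAccessRole.Owner, ProcessAccessRole.Editor };
    static readonly HashSet<ProcessAccessRole> Execute =
        new() { ProcessAccessRole.Owner, ProcessAccessRole.Editor, ProcessAccessRole.Executor };

    // Roles that apply to a user: direct grants plus grants to any group the user is in.
    // Undefined values (including 0, the default of an unset enum field) grant nothing.
    static IEnumerable<ProcessAccessRole> Effective(
        IEnumerable<Grant> grants, string userId, ISet<string> groupIds) =>
        grants.Where(g =>
                (g.ActorType == ProcessActorType.User && g.ActorId == userId) ||
                (g.ActorType == ProcessActorType.Group && groupIds.Contains(g.ActorId)))
              .Select(g => g.Role)
              .Where(r => Enum.IsDefined(typeof(ProcessAccessRole), r));

    public static bool CanView(IEnumerable<Grant> g, string user, ISet<string> groups) =>
        Effective(g, user, groups).Any();   // any defined role passes
    public static bool CanEdit(IEnumerable<Grant> g, string user, ISet<string> groups) =>
        Effective(g, user, groups).Any(r => Edit.Contains(r));
    public static bool CanExecute(IEnumerable<Grant> g, string user, ISet<string> groups) =>
        Effective(g, user, groups).Any(r => Execute.Contains(r));
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample data: alice is a Viewer directly and an Executor via a group.
        var grants = new List<Grant> {
            new(ProcessActorType.User,  "alice",    ProcessAccessRole.Viewer),
            new(ProcessActorType.Group, "ops-team", ProcessAccessRole.Executor),
            new(ProcessActorType.User,  "mallory",  (ProcessAccessRole)0) };
        var ops = new HashSet<string> { "ops-team" };
        var none = new HashSet<string>();
        Console.WriteLine(AccessChecker.CanExecute(grants, "alice", ops));   // group grant applies
        Console.WriteLine(AccessChecker.CanExecute(grants, "alice", none));  // Viewer grant only
        Console.WriteLine(AccessChecker.CanView(grants, "mallory", none));   // undefined role value
    }
}
```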