Orchestrator defines levels of permissions that you can apply to groups to allow or deny them access to workflows.

View
The user can view the elements in the workflow, but cannot view the schema or scripting.
Inspect
The user can view the elements in the workflow, including the schema and scripting.
Execute
The user can run the workflow.
Edit
The user can edit the workflow.
Admin
The user can set permissions on the workflow and has all other permissions.

The Admin permission includes the View, Inspect, Edit, and Execute permissions. All the permissions require the View permission.

If you do not set any permissions on a workflow, the workflow inherits the permissions from the folder that contains it. If you do set permissions on a workflow, those permissions override the permissions of the folder that contains it, even if the permissions of the folder are more restrictive.