Workflow models inherit a default access control list (ACL) for controlling how users can interact with workflows. To customize user access for a workflow, modify the Access Control List (ACL) for the workflow model node in the repository.
For information about using CRXDE Lite to configure ACLs, see Access Control.
The following example restricts content authors from starting a workflow called mymodel. To restrict access, the Authors group is denied read access to the /etc/workflows/models/mymodel node.
The following diagram shows the default ACL for mymodel (the default ACL for all new models). The Authors group is a member of the contributor group, so Authors are allowed the jcr:read privilege for the node.