Opencast currently does not support assigning roles to workflows. All workflow definitions are available for all users (provided they have the role(s) to create events, that is).
We would like to change this with the following approach:
A workflow definition can specify a list of roles.
If the workflow does not specify roles, the previous behavior is in effect: everyone can use this workflow.
Users with `ROLE_ADMIN` can also use all workflows.
Otherwise, if the current user has roles in common with the roles specified in the workflow, the workflow can be started.