We need to be able to configure user accounts with roles so we can give access to viewing/running workflows, but prevent write access to create workflows/tools. This would be useful for endpoints such as the browndog endpoint where a configured account may create a workflow, but we want others to have access to viewing/running the workflow without creating authenticated accounts.
Maybe something like:
administrator - admin level access
viewer - read-only access, can view workflows
editor - can create/edit/execute workflows
runner - can view/execute workflows
This will likely be groups that have various common permissions (similar to a CMS)