Permissions are controlled at the granularity of workflow pages and REST API endpoints. To determine whether or not a specific user or group has access to a specific item, the BlueCatGateway UDF value is compared against a list of values stored in a configuration file on BlueCat Gateway. If the value appears in the list, the user or group is granted access, otherwise they are not.
Note: Users or groups are assigned permissions to workflows based on the designated UDF value in Address Manager. For the following task, "group" will be used for simplicity and clarity.