You can control permissions at the granularity of workflow pages and REST API endpoints. To determine whether a specific user or group has access to a specific item, the BlueCatGateway UDF value is compared to a list of values stored in a configuration file on BlueCat Gateway. If the value appears in the list, the user or group is granted access, otherwise they're not.
Note: Users or groups are assigned permissions to workflows based on the designated UDF value in Address Manager. The following task uses "group" for simplicity and clarity.