[Yandex Cloud documentation](../../index.md) > [Yandex Serverless Integrations](../index.md) > [Access management](index.md) > Workflows roles

# Service roles for Workflows

With [Workflows](../concepts/index.md#workflows) service roles, you can manage user access to Workflows [workflows](../concepts/workflows/workflow.md).

{% note info %}

The ability to execute and manage workflows from specific [cloud networks](../../vpc/concepts/network.md#network) or IP addresses, or associate workflows with specific cloud networks, may be restricted by [access policies](../../iam/concepts/access-control/access-policies.md) at the [folder](../../resource-manager/concepts/resources-hierarchy.md#folder), [cloud](../../resource-manager/concepts/resources-hierarchy.md#cloud), or [organization](../../organization/concepts/organization.md) level. 

{% endnote %}

```mermaid
flowchart BT
    serverless.workflows.editor --> serverless.workflows.admin
    serverless.workflows.executor --> serverless.workflows.editor
    serverless.workflows.viewer --> serverless.workflows.editor
    serverless.workflows.auditor --> serverless.workflows.viewer
```

#### serverless.workflows.auditor {#serverless-workflows-auditor}

The `serverless.workflows.auditor` role enables viewing info on [workflows](../concepts/limits.md#workflows) and [access permissions](../../iam/concepts/access-control/index.md) assigned to them, viewing the history of workflow [executions](../concepts/limits.md#workflows), as well as info on Yandex Workflows [quotas](../concepts/limits.md#workflows).

#### serverless.workflows.viewer {#serverless-workflows-viewer}

The `serverless.workflows.viewer` role enables viewing info on [workflows](../concepts/limits.md#workflows) and [access permissions](../../iam/concepts/access-control/index.md) assigned to them, viewing the history of workflow [executions](../concepts/limits.md#workflows), as well as info on Yandex Workflows [quotas](../concepts/limits.md#workflows).

This role includes the `serverless.workflows.auditor` permissions.

#### serverless.workflows.executor {#serverless-workflows-executor}

The `serverless.workflows.executor` role enables executing, pausing, resuming, and stopping [workflows](../concepts/workflows/workflow.md).

#### serverless.workflows.editor {#serverless-workflows-editor}

The `serverless.workflows.editor` role enables managing workflows.

Users with this role can:
* View info on [workflows](../concepts/workflows/workflow.md) and [access permissions](../../iam/concepts/access-control/index.md) assigned to them;
* Create, update, and delete workflows.
* Execute, pause, resume, and stop workflows.
* View the history of workflow [executions](../concepts/workflows/execution.md).
* View info on Yandex Workflows [quotas](../concepts/limits.md#workflows).

This role includes the `serverless.workflows.viewer` and `serverless.workflows.executor` permissions.

#### serverless.workflows.admin {#serverless-workflows-admin}

The `serverless.workflows.admin` role enables managing workflows.

Users with this role can:
* View info on [workflows](../concepts/workflows/workflow.md) as well as create, update, and delete them.
* View info on [access permissions](../../iam/concepts/access-control/index.md) assigned to workflows and modify such permissions.
* Execute, pause, resume, and stop workflows.
* View the history of workflow [executions](../concepts/workflows/execution.md).
* View info on Yandex Workflows [quotas](../concepts/limits.md#workflows).

This role includes the `serverless.workflows.editor` permissions.