I want to give a group of users read-only access to Orchestrator where they could check the status of workflow executions. Is it possible without giving them Edit or Admin privileges?
Thanks in advance!
Well, the problem is that workflows are being executed by a separate service account, so these users aren't supposed to track their own workflow executions, but executions of all users. Therefore "view" isn't sufficient.
Viewers should be able to see workflow events for all users (select a workflow and click on 'Events' tab on the right pane).
There are events like 'workflow started', 'workflow finished', etc. Not sure if this is enough as tracking information for your case; if not, then you are out of luck - there is no other permission that combines read-only access with access to full execution information.
That is still not enough. In situation when we have dozens of workflow runs and the Events you are referring to don't contain any details about what systems were provisioned, it is still no good for us.
I'd like to have access similar to admin, but without any actions available. The user should be able to see the structure of a workflow, view all the runs and see where they are or what errors are displayed.
Not possible with the current vCO client; the permission model is not flexible enough.
You may try to implement some custom Web portal leveraging vCO REST API but this would be a non-trivial amount of work.