It looks to me like a bug. While I don't plan on giving any users access to vRO, I did a quick test on my embedded vRO 8.0.
If I attempt to create a Workflow with a user having Workflow Designer rights and in a group named Test Group I get a 500 error. This appears in the logs:
ch.dunes.util.NotAuthorizedException: User LDAP-USER-['testuser'] - testuser doesn't have required access rights ((Edit, false)) for calling updateWorkflowWithContent method
If I then use an administrator to add that Workflow to the group, the user can see the workflow. If they attempt to open it they get this error in the logs:
User LDAP-USER-['testuser'] - testuser doesn't have necessary rights 'View', required to execute operation on (Workflow, 92326a73-d471-4bed-96f9-688ae2c5ebf4).
If I try to open the workflow created by the test user with my admin account I get this error in the logs:
[[restServlet]] Servlet.service() for servlet [restServlet] in context with path [/vco] threw exception [Request processing failed; nested exception is java.lang.NullPointerException] with root causejava.lang.NullPointerException
I was able to delete the workflow with the admin account though.
In the end the only way I could get it to work was having the Admin create the workflow and assign it to Test Group. The test user could then do whatever they wanted with it.
I would raise a GSS ticket if you need this functionality.
I do need this functionality and I wonder if I can report bugs myself...
Edit: Oops, wrong vRO bug thread that I'm a part of ...