Thank you @keefe.andrews for bringing attention to this. I also require more granular levels of permissions for administrator functions. I am reluctant to give permissions to additional functionality in freshservice for this very reason. Let’s hope that there is something in the works!!!

@keefe.andrews Just so I understand what you mean (I’m a new user and still learning) you have created agent accounts for other departments to create their own workflow vs IT taking their requirements and building it on their behalf. The issue is then that there are no permission sets on which orchestrations in Freshservice that different agents have access to. Since the connection to Azure is established between FreshService and Azure then there are no permissions in Azure to limit who can execute commands so even if they built it, Azure can’t block the execution?  Is this correct?

This is different than controlling the Service Catalog and who can request a Service Request (workflow) and the permissions around accessing the workflow.

@PatrickMurphy yes, whatever account you used to connect the Azure app is what the end user will be able to execute in Azure. Like @zachary.king I have to limit what freshservice modules I provide access to because of this. 

I went ahead and submitted this to the ideas section. @PatrickMurphy and @zachary.king and others please upvote if this is important to you as well. 

• Go to Site settings.
• In the Site Actions section, select Manage site features.
• Locate the feature called Workflows can use app permissions, as shown in the figure, and then select Activate.

@ryanthompson would you mind providing some screenshots? I am not sure that I am able to locate the settings you are talking about in the admin center of freshservice.