How does the execution_view permission work?

[leonardo-zorzi]

Hi all,
i would like to restrict a user to execute only a specific action/workflow and view the execution details of only this action.

My current role looks like this:

+----------------------+--------------------------------------------------------------+
| Property             | Value                                                        |
+----------------------+--------------------------------------------------------------+
| id                   | 63ac654be510a12dde357b38                                     |
| name                 | my-custom-role                                               |
| system               | False                                                        |
| permission_grants    | [                                                            |
|                      |     "63ac654be510a12dde357b39",                              |
|                      |     "63ac654be510a12dde357b3a"                               |
|                      | ]                                                            |
| description          | Role for ..                                                  |
| permission_grant_ids | [                                                            |
|                      |     "63ac654be510a12dde357b39",                              |
|                      |     "63ac654be510a12dde357b3a"                               |
|                      | ]                                                            |
| permission_grant_obj | [                                                            |
| ects                 |     {                                                        |
|                      |         "resource_uid":                                      |
|                      | "action:container_actions:add_user_to_container",            |
|                      |         "resource_type": "action",                           |
|                      |         "permission_types": [                                |
|                      |             "action_execute"                                 |
|                      |         ],                                                   |
|                      |         "id": "63ac654be510a12dde357b39"                     |
|                      |     },                                                       |
|                      |     {                                                        |
|                      |         "resource_uid": "execution:container_actions:add_use |
|                      | r_to_container",                                             |
|                      |         "resource_type": "execution",                        |
|                      |         "permission_types": [                                |
|                      |             "execution_view",                                |
|                      |             "execution_list"                                 |
|                      |         ],                                                   |
|                      |         "id": "63ac654be510a12dde357b3a"                     |
|                      |     }                                                        |
|                      | ]                                                            |
+----------------------+--------------------------------------------------------------+

Role creation and user assignment were successful (clean st2-apply-rbac-definitions --config-file=/etc/st2/st2.conf logs + verified with CLI).

I can post a new execution via the api/v1/executions endpoint (with users api key). But a can't retrieve the status via the api/v1/executions/{id} endpoint.
User \my-test-user\" doesn't have required permission \"execution_view\" on resource \"execution:<id>\"

Whats interesting is that i get responses with /api/v1/executions/{id}/result. But this does not include the workflows succeeded: true/false.

rbac.permission_isolation permission is not configured.

Thank you in advance! :)