diff --git a/src/Squidex.Domain.Apps.Core.Model/Apps/Role.cs b/src/Squidex.Domain.Apps.Core.Model/Apps/Role.cs
index 7f5bd195e..22f6f1b73 100644
--- a/src/Squidex.Domain.Apps.Core.Model/Apps/Role.cs
+++ b/src/Squidex.Domain.Apps.Core.Model/Apps/Role.cs
@@ -71,7 +71,8 @@ namespace Squidex.Domain.Apps.Core.Apps
             return new Role(Editor,
                 P.ForApp(P.AppAssets, app),
                 P.ForApp(P.AppCommon, app),
-                P.ForApp(P.AppContents, app));
+                P.ForApp(P.AppContents, app),
+                P.ForApp(P.AppWorkflowsRead, app));
         }
 
         public static Role CreateReader(string app)
diff --git a/src/Squidex/Areas/Api/Controllers/Apps/Models/AppDto.cs b/src/Squidex/Areas/Api/Controllers/Apps/Models/AppDto.cs
index 6d706dc30..46e37a1ea 100644
--- a/src/Squidex/Areas/Api/Controllers/Apps/Models/AppDto.cs
+++ b/src/Squidex/Areas/Api/Controllers/Apps/Models/AppDto.cs
@@ -177,6 +177,11 @@ namespace Squidex.Areas.Api.Controllers.Apps.Models
                 AddGetLink("schemas", controller.Url<SchemasController>(x => nameof(x.GetSchemas), values));
             }
 
+            if (controller.HasPermission(AllPermissions.AppWorkflowsRead, Name, permissions: permissions))
+            {
+                AddGetLink("workflows", controller.Url<AppWorkflowsController>(x => nameof(x.GetWorkflow), values));
+            }
+
             if (controller.HasPermission(AllPermissions.AppSchemasCreate, Name, permissions: permissions))
             {
                 AddPostLink("schemas/create", controller.Url<SchemasController>(x => nameof(x.PostSchema), values));
diff --git a/src/Squidex/app/shared/services/apps.service.ts b/src/Squidex/app/shared/services/apps.service.ts
index 090a23093..ea2c049b0 100644
--- a/src/Squidex/app/shared/services/apps.service.ts
+++ b/src/Squidex/app/shared/services/apps.service.ts
@@ -35,7 +35,7 @@ export class AppDto {
     public readonly canReadRoles: boolean;
     public readonly canReadRules: boolean;
     public readonly canReadSchemas: boolean;
-    public readonly canReadWorkflows: boolean = true;
+    public readonly canReadWorkflows: boolean;
     public readonly canUploadAssets: boolean;
 
     constructor(links: ResourceLinks,
@@ -63,6 +63,7 @@ export class AppDto {
         this.canReadRoles = hasAnyLink(links, 'roles');
         this.canReadRules = hasAnyLink(links, 'rules');
         this.canReadSchemas = hasAnyLink(links, 'schemas');
+        this.canReadWorkflows = hasAnyLink(links, 'workflows');
         this.canUploadAssets = hasAnyLink(links, 'assets/create');
     }
 }