Which user role can view the workflows but cannot create or edit them?

The role that can view workflows but cannot create or edit them is the Falcon Investigator. This role is specifically designed for users who need to analyze and investigate incidents and workflows already in place. As part of their responsibilities, Falcon Investigators have access to the existing workflows to monitor and assess security incidents, helping to provide insights based on the data available.

In contrast, the Falcon Administrator and Workflow Author roles have permissions to create and manage workflows, which allows for a more hands-on approach in building and modifying security processes. The Security Lead typically has a high-level oversight function that may involve approval of workflows but does not restrict the ability to edit or create them. Therefore, Falcon Investigators are limited to viewing functionality, which ensures that security-related investigations remain objective and based on established protocols without altering the workflows themselves. This separation of duties is crucial in maintaining integrity and stability within security operations.