diff --git a/src/dispatch/workflow/models.py b/src/dispatch/workflow/models.py
index b29749b6ca7c..32e45995380a 100644
--- a/src/dispatch/workflow/models.py
+++ b/src/dispatch/workflow/models.py
@@ -21,7 +21,7 @@
     Pagination,
 )
 from dispatch.participant.models import ParticipantRead
-from dispatch.plugin.models import PluginInstance, PluginInstanceRead
+from dispatch.plugin.models import PluginInstance, PluginInstanceReadMinimal
 from dispatch.project.models import ProjectRead
 
 from .enums import WorkflowInstanceStatus
@@ -121,7 +121,7 @@ class WorkflowSignal(DispatchBase):
 class WorkflowBase(DispatchBase):
     name: NameStr
     resource_id: str
-    plugin_instance: PluginInstanceRead
+    plugin_instance: PluginInstanceReadMinimal
     parameters: Optional[List[dict]] = []
     enabled: Optional[bool]
     description: Optional[str] = Field(None, nullable=True)
diff --git a/src/dispatch/workflow/views.py b/src/dispatch/workflow/views.py
index 553b8e7229c9..bdf421e41b41 100644
--- a/src/dispatch/workflow/views.py
+++ b/src/dispatch/workflow/views.py
@@ -1,8 +1,9 @@
-from fastapi import APIRouter, HTTPException, status
+from fastapi import APIRouter, HTTPException, status, Depends
 from pydantic.error_wrappers import ErrorWrapper, ValidationError
 
 from dispatch.database.core import DbSession
 from dispatch.database.service import CommonParameters, search_filter_sort_paginate
+from dispatch.auth.permissions import SensitiveProjectActionPermission, PermissionsDependency
 from dispatch.exceptions import NotFoundError
 from dispatch.models import PrimaryKey
 from dispatch.plugin import service as plugin_service
@@ -27,7 +28,10 @@ def get_workflows(common: CommonParameters):
     return search_filter_sort_paginate(model="Workflow", **common)
 
 
-@router.get("/{workflow_id}", response_model=WorkflowRead)
+@router.get(
+    "/{workflow_id}",
+    response_model=WorkflowRead,
+)
 def get_workflow(db_session: DbSession, workflow_id: PrimaryKey):
     """Get a workflow."""
     workflow = get(db_session=db_session, workflow_id=workflow_id)
@@ -39,7 +43,10 @@ def get_workflow(db_session: DbSession, workflow_id: PrimaryKey):
     return workflow
 
 
-@router.get("/instances/{workflow_instance_id}", response_model=WorkflowInstanceRead)
+@router.get(
+    "/instances/{workflow_instance_id}",
+    response_model=WorkflowInstanceRead,
+)
 def get_workflow_instance(db_session: DbSession, workflow_instance_id: PrimaryKey):
     """Get a workflow instance."""
     workflow_instance = get_instance(db_session=db_session, instance_id=workflow_instance_id)
@@ -51,7 +58,11 @@ def get_workflow_instance(db_session: DbSession, workflow_instance_id: PrimaryKe
     return workflow_instance
 
 
-@router.post("", response_model=WorkflowRead)
+@router.post(
+    "",
+    response_model=WorkflowRead,
+    dependencies=[Depends(PermissionsDependency([SensitiveProjectActionPermission]))],
+)
 def create_workflow(db_session: DbSession, workflow_in: WorkflowCreate):
     """Create a new workflow."""
     plugin_instance = plugin_service.get_instance(
@@ -66,7 +77,11 @@ def create_workflow(db_session: DbSession, workflow_in: WorkflowCreate):
     return create(db_session=db_session, workflow_in=workflow_in)
 
 
-@router.put("/{workflow_id}", response_model=WorkflowRead)
+@router.put(
+    "/{workflow_id}",
+    response_model=WorkflowRead,
+    dependencies=[Depends(PermissionsDependency([SensitiveProjectActionPermission]))],
+)
 def update_workflow(db_session: DbSession, workflow_id: PrimaryKey, workflow_in: WorkflowUpdate):
     """Update a workflow."""
     workflow = get(db_session=db_session, workflow_id=workflow_id)
@@ -78,7 +93,11 @@ def update_workflow(db_session: DbSession, workflow_id: PrimaryKey, workflow_in:
     return update(db_session=db_session, workflow=workflow, workflow_in=workflow_in)
 
 
-@router.delete("/{workflow_id}", response_model=None)
+@router.delete(
+    "/{workflow_id}",
+    response_model=None,
+    dependencies=[Depends(PermissionsDependency([SensitiveProjectActionPermission]))],
+)
 def delete_workflow(db_session: DbSession, workflow_id: PrimaryKey):
     """Delete a workflow."""
     workflow = get(db_session=db_session, workflow_id=workflow_id)
@@ -90,7 +109,10 @@ def delete_workflow(db_session: DbSession, workflow_id: PrimaryKey):
     delete(db_session=db_session, workflow_id=workflow_id)
 
 
-@router.post("/{workflow_id}/run", response_model=WorkflowInstanceRead)
+@router.post(
+    "/{workflow_id}/run",
+    response_model=WorkflowInstanceRead,
+)
 def run_workflow(
     db_session: DbSession,
     workflow_id: PrimaryKey,