Content access can currently be set in the workflow. It is very flexible in status, but when a content type is shared between channels the access can't be limited to a channel.
In INTEGRATED-1321, multiple user groups can be added to a channel
When no groups have been added, everyone has access
Administrators always have access, no matter of their access settings (ROLE_ADMIN) (this should already be the case)
Assignee of the article always have access, no matter of their access settings (this should already be the case)
Being in one of the groups is enough to get access
To access the content you have to have access by Channel configuration AND by Contenttype/Workflow configuration (Workflow overrules content type)
Write access will be based on the combination of channels. When multiple channels have been selected for a document, you need access to all channels to edit them.
Because a user can be added to many groups complex combinations are possible (user can read news from Channel X and write articles on Channel X and Y)
Update the workflow Solr indexer to include the new channel group access settings (see Implementation)
Update the workflow access voter to include the new channel group access settings (see Implementation)