Relationship between node_access gid, roles and workflow
Question
If using workflow, what database table.field does the node_access.gid map to? Does it represent a role, does it represent a workflow sid (state id), or something else?
Example:
+---------+------+-----------------+------------+--------------+--------------+
| nid | gid | realm | grant_view | grant_update | grant_delete |
+---------+------+-----------------+------------+--------------+--------------+
| 1234561 | 4 | workflow_access | 1 | 1 | 1 |
| 1234562 | 5 | workflow_access | 1 | 1 | 1 |
| 1234563 | 6 | workflow_access | 1 | 1 | 1 |
| 1234564 | 7 | workflow_access | 1 | 0 | 0 |
+---------+------+-----------------+------------+--------------+--------------+
EDIT: After @Berdir's excellent response I wrote the query below to analyze the relationship between node_access.gid, workflow_access.rid, and role.rid:
# Establish relationship between workflow, roles, gids, etc.
SELECT
r.name AS role,
r.rid AS w_role_rid,
wa.rid AS and_workflow_access_rid,
ws.state AS has_access_to_state,
wa.sid AS with_state_sid,
IF(ws.status=1,'YES','NO') AS which_is_enabled,
wa.grant_view, wa.grant_update, wa.grant_delete
FROM workflow_access wa
LEFT JOIN role r ON wa.rid = r.rid
LEFT JOIN workflow_states ws ON wa.sid = ws.sid
ORDER BY r.rid, wa.sid
If anyone notices any incongruousness with my query please comment so.
Solution
Looking at the source (the function workflow_access_node_access_records()), it looks to be the rid, which is the role id. Additionally, it is also defined in workflow_access_node_grants(), which returns the gid's for a given user. And that is the role id's for 'workflow_access' and the user id for 'workflow_access_owner'.
There is also a {workflow_access} table, that contains information about which role has which permissions for each workflow state. Based on that, the access grants for each node are then built.