Luckily I remembered (after much faffing around) how do do this, I've listed the steps below:
What this will do
The Role we will create has access to view items of a particular state. This means that if you have someone managing the site with a lot of users and they want to 'bulk grant access' for certain users to see items that have a particular state.
How to
Create a new Group in plone_control_panel called whatever you want.
Go to portal_workflows in the ZMI, copy & paste the workflow and then under plone_control_panel, under the "Types" heading, update the sites workflow to the new one.
Go to the ZMI and select the "Security" tab.
At the bottom type a name for the custom role you want and hit "Add Role".
Depending on your workflow you may need to remove most of the "Members" permissions (default group for people). - (THIS WAS SPECIFIC TO MY USE CASE, AVOID THIS STEP IF NEEDS BE)
Tick the boxes giving your new role the permissions you want, currently I've found the following to work (although these will differ from site to site as requirements change):
- Access contents information
- Access inactive portal content
- Allow sendto
- List portal members
- List undoable changes
- Manage properties
- Set own password
- View
- View Groups
After updating these settings (and any others regarding workflow), you need to go to portal_workflow/manage_selectWorkflows and press "Update security settings" at the bottom.
Then go to acl_users/portal_role_manager and select the role you have created, then Assign your group (the one created under plone_control_panel earlier).
Go to portal_workflow/manage_selectWorkflows, select the "Contents" tab, select your custom workflow want and hit "States".
Click on the state you want the Role to be able to see and select the "Permissions" tab.
Add the necessary permissions for your custom role for that state.
When those have been saved remember to "Update security settings" as mentioned above for them to be applied.
If you have any questions or see anything is incorrect please comment below and I will amend this post.