Ecflow black list file files( ecf.passwd) deals with authentication and white list files(ecf.lists) deals with authorisation.

ECFLOW white list file is a way of restricting the access to ecFlow to only known users.
The file lists users with full access and users with only read access. The read-only user names start with '-' (dash/minus). Note you must include a version number, e.g.
The environment variable ECF_LISTS is used to point to the white list file.
The white list file is an ASCII file.

File ecf.lists

#
4.4.14 # whitelist version number
#Maintenance group and operators
#
uid1
uid2
cog
#
#Read-only users
#
-uid3
-uid4

#
4.4.14 # whitelist version number
#Maintenance group and operators
#
uid1
uid2
cog
#
#All other users have read access
#
-*

If you edit this file while ecFlow is running you need to use the following command to activate the change in ECF:

ecflow_client --reloadwsfile