Policies of Type Workflow only force execution but should also reject execution

Policy of Type Workflow should also reject execution:
We can use a Policy of Type Workflow to force the execution of a certain workflow in relation to the given Scope (like Group, Cloud, User). We miss a Policy of Type Workflow to reject the execution of a certain workflow.

Since a Operational Workflow cannot be scoped to different usages, all Operational Workflows are offered without any validation or control, like with the Action on an Instance. There should be a way of control brought by a Policy of Type Workflow. The Policy needs a extra parameter to divide between “force” and “reject” execution. An alternative solution might be the scoping within the Workflow itself, but might be more general like granular policies.

Example/Use case(s):
An Operational Workflow for Windows only should not be offered on an Instance with Linux servers.