...
Forms/Flows owned by designer who can administer access. Only the designer/owner may modify the form/flow design.
Flow administration may be granted to any other user/role to give full access to audit trail and ability to modify/abort running instances.
Access to a flow instance’s audit trail may be granted to all participants or a to a custom set of users/roles.
Other users may be granted the publisher role allowing them to administer form/flow access and deploy to production.
Only the designer/owner or publisher may deploy the form/flow to production. Best Best practice is to have a deployer account on the production system that has the publisher role.
...