Currently, flowable-rest api checks user’s privilege based on user id, see: https://github.com/flowable/flowable-engine/blob/master/modules/flowable-rest/src/main/java/org/flowable/rest/security/BasicAuthenticationProvider.java#L54
How about adding group privilege check, for example, a group has the privilege to the rest api, so all the users in the group can access rest api.