Authorized access to deployed processes

Hi,

is there a recommended Approach to give only authorized users acceess to certain deployed processes in “Operate”?
Recommended to assign user Groups to a process already in the deployment step?