Automatically grant permissions to new process instance in ReST application


I’m working on an application based on the ReST API in which users are able to create process instances through a web interface. Then, they use the web interface to execute the tasks in the process. I’m now looking for a way to ensure that each user can only see and execute the process instances that they have created themselves. As far as I understand, this can be achieved by granting them the required permissions using explicit Authorization instances referring to the process instance.

What would be the best way to trigger the creation and deletion of these Authorization instances? I can probably get away with periodically scanning and removing outdated Authorizations, but I need them to be created right when the process is created to ensure that the user can execute the process tasks immediately.

I’m using Spring Boot and already have custom code running to configure the engine and hook it up to our authentication provider.

Any suggestions would be greatly appreciated.