Let's say I have a user group x with minimal permissions which needs to trigger a workflow y. Currently the group permissions are,
So if I try to start the workflow from the sites, selecting the page --> Create --> Workflow, in select the workflow models dropdown OOTB models are also being listed. I want the dropdown list to be restricted to only the workflow y, which I created. So how can I set the required permissions!
You can also achieve the given use case by implementing Workflow: System tag on the model. This will allow you to hide default workflows and display custom workflows in the Start Workflow list in the AEM Sites and Assets UI. See  for more details.
Workflow models are hidden by setting Workflow: System tag on the model.
Go to the Workflow Models console:http://host:port/libs/cq/workflow/admin/console/content/models.html/etc/workflow/models
Click Page Properties on the AEM Sidekick.
Add Workflow: System tag into Tags/Keywords.
Remove Workflow: WCM tag (and other tags) fromTags/Keyword if any.
Click the OK button.
Click the Save button in the top left of the editor page.
Answer by @hamidk92094312 already covers the link you can try and it works.
In case you need to deny certain workflows from appearing in the drop down and it is true for all the users then a suggested approach can be to tag such workflows as system workflows. You can open the workflow properties and tag it with workflow/system and it won't appear in any drop down where user can select it.