Try to start some process via REST and take a look at Process Management -> Process Instances in the web UI. The initiator is "Anonymous", although proper username & password was provided in the request (and the username is a valid EAP account with kie-user role).

Even more interesting is a fact, that this behaviour can be observed only right after the server started. A few minutes after, the process instance initiator is a valid username. Unfortunately, not the username provided in the REST request, but username of account logged in the UI.

Here is what I did:

1. started EAP with business central configured to use BASIC auth.

2. curl -L --basic -u radek:radek123* -X POST http://localhost:8080/business-central/rest/runtime/${deployment}/process/${processId}/start --header "Content-Type:application/json"

3. curl -L --basic -u admin:admin123* -X POST http://localhost:8080/business-central/rest/runtime/${deployment}/process/${processId}/start --header "Content-Type:application/json"

4. logged into web UI with admin:admin123*

5. curl -L --basic -u radek:radek123* -X POST http://localhost:8080/business-central/rest/runtime/${deployment}/process/${processId}/start --header "Content-Type:application/json"

6. a minute of waiting

7. curl -L --basic -u radek:radek123* -X POST http://localhost:8080/business-central/rest/runtime/${deployment}/process/${processId}/start --header "Content-Type:application/json"

Now the results from UI Process Instances (only the Initiator column):
Anonymous
Anonymous
Anonymous
admin

(I would expect radek, admin, radek, radek)