Workflow/Permission for Owner and his group

after several trials I does not find a solution - or overlooked...

I try to install a new "Working Copy/Iterate Workflow".

Our states are simple (simple publication workflow, with pa.iterate):
Private -> "Pending" -> "Published"

But now I want that only the Owner AND his group can edit and "submit" the content object..
It works if the Group has "can edit" Permission on the parent folder - but this is not the best way, i think

Are there any packages in Collective or has anyone an hint or example to achieve this?