Restricting access to RITM per user

Hi everyone,

I’m currently working on a ServiceNow implementation and ran into an access control issue related to RITM visibility. I’d really appreciate your advice.

Use case:

• We create 1 Request that generates multiple RITMs

• Each RITM is assigned to a specific user (all users have business_stakeholder role)

Problem:
It seems like all users with the business_stakeholder role are able to

• View and comment to RITMs assigned to others

However, the requirement is:
👉 A user should only be able to see RITMs where they are:

• assigned_to/requested_for/opened_by (also admin/itil)

What I tried:

• Created a custom ACL on sc_req_item (read) with logic restricting access to the above users but it doesn’t work as expected.

Question:

What is the recommended way to restrict RITM visibility per user? 

Thank you for your help!