We wanted to restrict a user with a specific role from accessing a table if they don't have any pending ticket assigned to them or their assignment group.

Context: External users will have a role called "restricted_itil" where they will have access to incident table, RITM, Change Request "IF and ONLY IF" they have tickets assigned to them or to their assignment group. So if they don't have any pending incident tickets assigned to their assignment group, then they can't access the incident table.

How do we start creating this in ACL?