you mark an investigation as Restricted, only the incident owner
and the team associated with the incident can view the investigation.
Other users cannot view or access the incident. You can always remove
the Restricted configuration.
Limiting actions in the incident table according to roles.
can edit the incident table action by going to
USERS AND ROLES
selecting the table actions for the role. For more information about
defining roles, see Define a Role.