I have not yet implemented this (kind of low on my priority list right now), but I have thought about it as I have also gotten that request. I was thinking that I would use the "Business Owner" role and restrict their view based on the department/cost center numbers associated with their profile with the department/cost center that is listed in Incident. This assumes that you collect that information on record of the Incident or Service Request. That's as far as I've gotten.
We had the same thing be asked but they wanted to be able to see all request submitted by their departments.
1. Under Configure Application go to "Roles and Permissions"
2. Find the Role you want to edit (I created a test role to make sure this worked the way I wanted)
3. Go to the Object Permissions and find ServiceReq
4. Select "Edit" under "Access"
5. There should be a gray + sign
6. I used the below formula to make it read only for them
7. Then so they could not see anything but the Parameters I created a layout used only for that role I created.
Thanks Patrina! I will definitely look into this way!