Stephen - did you manage to get a way to do this as I've just come across the same requirement. Only allow the person who hasd the incident assigned to do an action.
I've done this in some of my processes with a precondition ("standard" type) before the action to be "protected" that tests on "Is $currentuser$". when i've need to do this for odd actions.
May not be practical to do for lots of actions across all statuses though. Also wouldnt work for optional actions.
Maybe an ER that would allow us to specify a condition on an optional action would be good to have too. Ie say "only allow the "Add Note" optional action at this status when $currentuser$ = Current Assigned User".
I currently have a call open with support to look into this for me.
I use tasks to get approval on my change requests - so its vital that only the intended person is able to click it through the process. In Console it was easy because I just limited the task collection at the bottom of the window to not launch and gave the analysts a query to only open tasks that are assigned to them. In WebDesk however the collection / query at the bottom of the window does not use that Launch action - it opens it regardless.
And with Service Portal going in 7.4, I need to find a fix before we can upgrade...
Will keep you posted on what feedback I get.
Thanks Julian - I think you've given me the solution for my main issue to protect the "approve" action.