Ticket Viewing Restrictions

Hello, I have a scenario that we would like for you to validate. 

Within our Security Tickets applications, we have several services where the tickets must be 'private' and only visible to designated technicians.  However, within the Security Tickets application, we have several services that require support from the technicians in the "IT Tickets" applications.  Currently, we use IPaaS to create a support ticket in the IT Tickets application. We have a loosely coupled "parent-child" relationship between the parent Security Tickets and IT Support tickets applications.  When the IT support ticket tasks are done, another IPaaS flow communicates back to the parent and updates the parent ticket.

We would like to be able to provide IT Support technicians access to the Security Tickets application but restrict access so the IT Support technicians can only see the "shared" tickets and not the more restricted private tickets that contain confidential information.

From what we understand of the security role permissions, if we give an IT Support technician access to the Security Tickets application with only the "The user will be able to edit tickets for which they are primarily responsible" selected (all other permissions unchecked).  The It Support technician could still view ALL the tickets in the more restricted Security Tickets.

Is this correct?  Is there a way to give a technician access to a ticketing application BUT only allow them to review a specific set of tickets?

Thanks, Tevis