I set permissions in the setup Workflow by group. However i don't separate out who can edit what ticket, just if they have edit rights in general. To be more granular i bet that would require a major overhaul of the permissions system.
Limiting search results is going to take rewriting queries in the work flows ( we are going to be doing that too, after we go live )