Here we have a business rule that checks whether the user is a member of the assignment group of the ticket, and rejects updates if they are not.

Remember that business rules are not the best way to reject updates from users; we're just using this as a simple example. A better way to enforce this functionality would be through ACLs or possible UI/data policies.