I am trying to use the Nintex workflow "set item permissions" action (on-prem, enterprise version) to lock down users from being able to see any items except what they have created or what has their name listed in a specific people field on the item. This is for a help desk ticketing system, so I need the IT staff SharePoint group to have full control over all items.
Is the "set item permissions" action the best way to do this? If so, any advice on how to get it to work? I am able to give the created by and employee contribute access, but I do not know how to lock down other users from seeing items that aren't theirs, nor do I know how to give the IT Staff group full access. I know I can use the "remove" and "full access" permissions in the drop-down, but how can I get all other domain users to have remove and all IT Staff users to have full control?