It would be an excellent idea to create a tiered user solution. Let's say:

Tier 1 - Responsible for Low priority incidents' and resolving - like help desk technicians

Tier 2 - Responsible for Medium to High priority incidents and resolving - like security engineers and network engineers

Tier 3 - Responsible for managing the organizations, incident responses when it is High priority, user management, agent management, reaching out to the organizations, etc.

I would say Tier 1 and Tier 2 could be a little customizable where there could be a user in any of those categories that would be trusted to have a feature that normally isn't issued. Tier 3 should be management and high-level incident response, as well as, user management.

Making a tiered solution would be easier to manage because there are so many options and don't have to spend so much time researching who should have what.