I am talking not able to perform to another access group .
For eg : Suppose there are two access group 1.Userrole 2.Manager
if there is an assignment a user of access group "Userrole" is created and while working there will be a point when that assignment is assigned to another user of same access group i.e "Userrole" so the first user can able to work on it because it is of same access group . if it transferred to user having access group "Manager" so the first user who created the assignment not able to perform work on it because it is of another access group.
By securing the Flow actions themselves you may restrict access groups from performing particular steps, in this way the RARO on Assign-Worklist can be opened up to allow users to operate on each others work provided they can perform the specific actions.
As I understand from your query, there are 2 requirements
1. User2 with access group2 with associated Application1 should be able to access the work generated by User3 with same access group2 and Application1
2. User2 with access group2 with associated Application1 should not be able to access the work generated by User4 with different access group3 and Application3
Requirement 1: It is the default behavior. User2 will be able to access the work created by User3. Attached detailed document on this requirement.
Requirement 2: User2 will not be able to access the work created by User4 since they belong to different access group and different application. In case if these two access groups point to same application, the accessibility depends on the configuration of workgroups and workpools of both access group.
If user2 and user4 has different access group but pointing to same application, then please check the 'available roles' in both the access groups. Provide required privileges to give user4 access to user2 work.