This is accomplished by using a Data Partition Constraint.
The Assignee and/or Group field on Workflow Tasks is required to implement this functionality.
The details of the Constraint are as follows:
Type: pre update
Where clause: assignee = @root.id OR assignee IS NULL OR (group.[group]group_list.member IN @root.id)
This constraint restricts users from updating workflow tasks not assigned to them, or a member of the Group assigned, unless the assignee and group field is null.