Limit customer permissions on the Service Desk Portal

We currently have a project where we have a few key users who are allowed to create tickets.

These key users are manually added as customers.

When the ticket requires more information, we would like the customer to add a colleague as a request participant and allow this person to only add comments/add attachments.

However it seems that the moment we add the request participant, this person is added as a full customer (under the Service Desk Customer - Portal Access security type).

One way would be to create an internal security group and use a validator to block anyone that is not part of this key user group to create a new issue. This however is a bit "dirty".

I was unable to find any information on how it might be possible to limit a customers permissions more granualary. It seems to be an all or nothing scenario.

Does anybody know of a app that can do this or of a method of working that could divide customers in to different security levels allowing some to create, other to just comment, others to... 

If not we might need to just add an approval step in the issue and allow any customer to create an issue but have the key users approve it before it reaches our support staff.