You can disable the write access to Service calls for the a specific role. Go to System->Security->Access->Role and then select the role you want to restrict and then in the details for Service calls select "modify when assign to user".
I would suggest using folders. So you would have your workgroup in one folder and the other users would not be able to see into that folder. The service call itself would be in public folder and available to anyone.
I hope that makes sense.
You can observe a lot just by watching. - YOGI BERRA