Seperation of power approvals for config changes

Hello all,

     We recently brought on the NCM module and ran into an issue. Our Firewall team and our Network Device team are separate and do not overlap on authority. I have our devices automatically associate with a group based on what they are (aka, an ASA goes to firewall while a Catalyst goes to network device). My problem comes in separating out who gets what. I have 2 approves for network and 2 for firewall changes, how can I say if this device is a firewall only bob or sue can get the email and approve, but if a network device Jack or Jill gets the email and can approve? Any help on this would be greatly appreciated.