Modify User records

We have our entire technical services team setup as privileged users. Additionally, they are members of specific groups for security purposes so that their interaction within queues other than their own is limited. We will have the general population use selfservice for submitting tickets, but we want privileged users to be able to modify user records for unprivileged users. Is there a granular way we can allow for that without giving privileged group more than they need?

as additional clarification, we’d like to be able to modify things like work phone etc

You can give priv users the rights to edit users, but I don’t believe you can
limit who they can edit based on priv or unpriv status