I have several non IT groups who are either now using ServiceDesk or who would like to start using it. One issue I have is with our HR department. they would like to intake requests; however, I cannot isolate their tickets under the current security model.

 It would be nice if there was an option, perhaps in roles or groups to explicitly deny access to tickets owned by certain groups so I can protect privacy issues relaed to grievances, FMLA, etc that would otherwise be exposed. It is not practical for me to only allow IT groups to see tickets within their own queue which is really the only existing method I could use to isolate them.

Thanks