Thanks for a fine product! I have some observations / bugs, or might just be my own oversight on how to configure. Running on: osTicket v1.9.9-1-gbe2f138 (be2f138), Web Server Apache/2.4.7 (Ubuntu), MySQL 5.5.43, PHP 5.5.9-1ubuntu4.11I have 2 departments (A and B) setup, and each department also has its own group defined, to control access to tickets only from the own department. - User A from department A logs in: can only see own departmental tickets.- User B from department B logs in: can only see own departmental tickets.But using a "backdoor" user B can get to ticket titles of A.Steps to reproduce:- Go to users, then list all users.- Click on any user- Tickets are being displayed for the user (regardless of which department these tickets belong to)Viewing a ticket yields in Access Denied, but ticket titles may reveal sensitive information. Ideally tickets that are off limit should be totally invisible to agents.