In order to maintain good security (according to the Principle of Least Access) we don't want to give all agents access to all groups. However, we do want agents to be able to view tickets from other groups. The default solution for this in Zendesk would be to add the agents who need view access to those tickets into those groups (for example, users from team A would be added to the groups for team B and team C). The problem with this approach is 1. When you go to assign a ticket within that group, these users would be shown as an option, even though they are not actually handling tickets. This can result in tickets being accidentally assigned to these 'read only' users. 2. Any views or macros assigned to these other groups now display for the 'read only' users, which in our case means the users' own views are pushed off the screen.
Has anyone found a way to manage this without violating basic security principles by giving users access to all groups?