Agents should not be able to see internal notes on a ticket where they are not in the group it is assigned to

How are your roles set up? You should be able to limit agents to only see tickets in their groups (although I'm not sure if the fact they're the requester makes a difference).

I think I've got that set up right. We don't have enterprise so we don't have custom roles, but even the stock ones specifically say "Tickets in agent's groups".

Something I found interesting is that the requester was getting an email from the internal note, but they still couldn't see that internal note while viewing it in Guide. The only thing I can think to kind of work around it, is change the trigger that notifies requesters of comment update to Public only instead of present and requester can see the comment (even though that should work).

That is correct - Agents that are the requester can always access the ticket they are a requester on. Even if they aren't in the group. I think Zendesk is coming out with something called Private Groups. I found this comment on an article: https://support.zendesk.com/hc/en-us/community/posts/4409217596314/comments/4552797890842

Thanks for jumping in Sydney Neubauer . We will be releasing Private Groups for enterprise plans in the next few months.

That won't necessarily address the 'agent as a requester' seeing all the internal notes, however. We HAVE thought about changing that experience and would love to hear more. Alex Calvin - how often is this coming up for you as an issue? What have you been doing to workaround this in the meantime?

Thanks for your help, 

Alina

Alina Wright, it wasn't coming up a ton in the past as we had a separate Zendesk instance for each department. But we have now merged all departments into one instance and it is quite common for let's say a member of Operations who is an agent to submit an IT ticket.

To work around the issue, I have edited the "Notify requester of comment update" trigger to only notify on public comments (see screenshot). The problem with this workaround is if I as an IT agent make a private comment on another IT agent's ticket, they will not get an email about it.

Alina Wright Are you wanting a separate post, add comments here or will you want a ticket opened?

Agents being requesters feedback:

Background: We have Agents that work inside our instance (Admins have an intake workflow, Products run their own internal processes). All of our intake tickets are from Agents within the instance.

Why not have 2 instances?: We are not able to separate ourselves into another instance as the help centres we manage are within the same instance, so there isn't a point in creating a whole new instance. The Agents that also work these groups handle other groups so they would then need to have 2 licenses in 2 instances which is an unnecessary cost

Ideal: Agents that are reuqesters on a ticket should never be able to access their own tickets. This is a privacy concern as we do not want requesters to see internal processes or conversations. Especially if it is a Legal matter. This can even be applied to Agents within the group in some cases.

There should be the ability on the role to set how restricted the groups should be (can't access tickets they are requester on, can't access tickets they are requester on even if they are in the group, etc). The reason for this is because our Agents may have a problem but are not able to handle their own tickets. So they would need to submit a ticket to another Agent to handle. The Requester should not be able to access the ticket for security/privacy legality.

I found this post and was hoping you could help. We are trying to figure out how to limit agent's in certain groups from seeing the internal notes on tickets assigned to a group that they are not part of. This is becoming a big issue for us. Any help would be appreciated.