"private" ticket option which is only exposed to users with a particular permission
|Reported by:||ejucovy||Owned by:||anybody|
I would love to have a "private" field on tickets, which, when set on a ticket, would hide that ticket in all reports, queries, etc and prevent it from being viewed unless the user has a particular VIEW_PRIVATE_TICKETS permission set. This would allow me to, for example, catalog security vulnerabilities without exposing those vulnerabilities in public.
The details here are fairly unimportant; for example I could imagine it might be difficult to actually hide all references to the ticket. I think the following would be sufficient and probably easier:
- the ticket itself should be unviewable to users without the VIEW_PRIVATE_TICKETS permission
- certain fields of the ticket (summary, description) should be obfuscated on all reports, queries etc to users without the VIEW_PRIVATE_TICKETS permission