Hi.
My understaning:
Restrictions by data Partition is primarely done through conditions on the context object, not the logged in user.
That means , you always define data partitions constraints on parameter of the context object , here the ticket factory.
the comparisons in a constraint mostly look like:
<context_object_attribute_name>=<value>
While the attribute name part supports a kind of relation-ship chain, the value part only supports simple values(more or less literals), with the ability to specify placeholders of the logged in user.
That said, it is not possible to say something like
Restrict view ticket access to tickets where the currrent group is 'ISPO security' and the logged in user is a member of group 'ISPO Security'.
But it would be possible to have a more general Approach, for example:
Restrict View Access to tickets where the logged in user is a member of the current Group of a ticket.
the constraint would look like
group.member_list.member IN (@root.id)
I think this could work in your situation.
Hope this helps
Regards
..........Michael