Hi Andrew,
Can you please elaborate on what is the behavior you wish to obtain? I understand you are using org-based access restrictions, but it's not clear what is the desired vs. observed behavior.
Through access restrictions you can ensure that all users with a certain role can only see tickets assigned to their org unit (or to a specific org unit). For example, if you have an org unit called "Confidential", you can configure the system so that, once the ticket is routed (automatically or manually) to Confidential, only employees assigned to Confidential can see it, and not anybody else.
The agent who makes the reassignment may still be able to see the ticket even if he's in another org unit, as long as he remains the processor (Assigned To). The ticket will become invisible to him as well as soon as one of the agents from "Confidential" takes it over.
Kind regards,
Gab