The parameter "ENABLE_GROUP_BASED_ACCESS_CONTROL" blocks group members from searching for tickets not directed to them, but for me to direct a ticket to another group I must also belong to the target group. It's okay not to have access to tickets from other groups, even for viewing when the parameter is seted to "yes", but I don't see the point in not being able to direct a ticket to another group unless I belong to it. Assuming hypothetically that I belong to multiple groups and direct a ticket to a group by mistake, another member of the group realizing the error may not be able to redirect it. My suggestion is that it is possible to direct the tickets when the parameter "ENABLE_GROUP_BASED_ACCESS_CONTROL" is set to "yes" for everyone, and that after redirecting, all kind of access to the ticket is blocked and the access is allowed to the members of the group directed only.
But allowing to send the ticket to the another group.