SelfService behavior modification

The default behavior of the SelfService is pretty good, and certainly
the most reasonable default, but we’ve got something else in mind. :slight_smile:
Here’s what we’d like to see:

Customer A has three (non-privileged) users who use RT to submit and
track issues
Customer B has three (non-privileged) users who use RT to submit and
track issues
Users from Customer A can log in and see all tickets submitted by all
Customer A’s users
Same for Customer B
They MUST NOT see any of the other customer’s tickets

I've been thinking this could be done with distinct queues: Customer A 

gets a queue with all their tickets in it, and I can modify the
SelfService page to restrict by queue, not user. This would, as near as
I can tell, involve a new database table linking user to
default/restricted queue, so the SelfService could do a lookup on a
given user to see what queue to display. Thoughts?

Also, this would help with another issue: when one of these users 

create a ticket, I’d like it to go to a default queue. That is, when a
user from Customer A creates a ticket, I’d like it to go to the queue
defined either by customer (if we use the above scheme) or by the
internal group responsible for that customer. My first thought here was
a new Scrip that essentially did something like:
on Create if user = user1 Queue = CustomerA
if user = user2 Queue = CustomerB
and so on, but, well, we’ve got a few hundred customers, with one to
four users per customer, and about six internal groups, so any work put
into a database-based solution would quickly be dwarfed by maintaining
this massive ugly string of ifs.

Any thoughts on how to do this are welcomed. The scalability and 

ability of non-perl people to maintain this list are key points. We’re
going live with the default behavior in a week or so; again, it’s a
reasonable default, and people are already pretty excited about what
that’s giving us.

Much thanks,
some guy from jersey.