diff --git a/app/assets/javascripts/app/models/ticket.coffee b/app/assets/javascripts/app/models/ticket.coffee
index fa9c3ad8f..bd9466947 100644
--- a/app/assets/javascripts/app/models/ticket.coffee
+++ b/app/assets/javascripts/app/models/ticket.coffee
@@ -266,6 +266,8 @@ class App.Ticket extends App.Model
     user = App.User.current()
     return false if !user?
     return true if user.id is @customer_id
+    return true if user.organization_id && @organization_id && user.organization_id is @organization_id
+    return false if !@group_id
     group_ids = user.allGroupIds(permission)
     for local_group_id in group_ids
       if local_group_id.toString() is @group_id.toString()
diff --git a/app/views/tests/model_ticket.html.erb b/app/views/tests/model_ticket.html.erb
new file mode 100644
index 000000000..71b64d95a
--- /dev/null
+++ b/app/views/tests/model_ticket.html.erb
@@ -0,0 +1,16 @@
+
+<link rel="stylesheet" href="/assets/tests/qunit-1.21.0.css">
+<script src="/assets/tests/qunit-1.21.0.js"></script>
+<script src="/assets/tests/model_ticket.js"></script>
+
+<style type="text/css">
+body {
+  padding-top: 0px;
+}
+</style>
+
+<script type="text/javascript">
+</script>
+
+<div id="qunit" class="u-dontfold"></div>
+
diff --git a/config/routes/test.rb b/config/routes/test.rb
index 9e3f94a7f..36c1a5d00 100644
--- a/config/routes/test.rb
+++ b/config/routes/test.rb
@@ -7,6 +7,7 @@ Zammad::Application.routes.draw do
   match '/tests_model',                       to: 'tests#model',                      via: :get
   match '/tests_model_binding',               to: 'tests#model_binding',              via: :get
   match '/tests_model_ui',                    to: 'tests#model_ui',                   via: :get
+  match '/tests_model_ticket',                to: 'tests#model_ticket',               via: :get
   match '/tests_form',                        to: 'tests#form',                       via: :get
   match '/tests_form_tree_select',            to: 'tests#form_tree_select',           via: :get
   match '/tests_form_find',                   to: 'tests#form_find',                  via: :get
diff --git a/public/assets/tests/model_ticket.js b/public/assets/tests/model_ticket.js
new file mode 100644
index 000000000..e6fbb5714
--- /dev/null
+++ b/public/assets/tests/model_ticket.js
@@ -0,0 +1,104 @@
+window.onload = function() {
+
+  App.Ticket.refresh([{
+    id: 1,
+    title: 'ticket1',
+    state_id: 1,
+    customer_id: 33,
+    organization_id: 1,
+    owner_id: 1,
+  },
+  {
+    id: 2,
+    title: 'ticket2',
+    state_id: 1,
+    customer_id: 44,
+    organization_id: 1,
+    owner_id: 1,
+  },
+  {
+    id: 3,
+    title: 'ticket3',
+    state_id: 1,
+    customer_id: 55,
+    organization_id: undefined,
+    owner_id: 1,
+  },
+  {
+    id: 4,
+    title: 'ticket4',
+    state_id: 1,
+    customer_id: 66,
+    organization_id: undefined,
+    owner_id: 1,
+    group_id: 1,
+  }])
+
+  App.User.refresh([{
+    id: 33,
+    login: 'hh@1example.com',
+    firstname: 'Harald',
+    lastname: 'Habebe',
+    email: 'hh1@example.com',
+    organization_id: 1,
+    role_ids: [3],
+    active: true,
+  },
+  {
+    id: 44,
+    login: 'hh2@example.com',
+    firstname: 'Harald',
+    lastname: 'Habebe',
+    email: 'hh2@example.com',
+    organization_id: 2,
+    role_ids: [3],
+    active: true,
+  },
+  {
+    id: 55,
+    login: 'hh3example.com',
+    firstname: 'Harald',
+    lastname: 'Habebe',
+    email: 'hh3@example.com',
+    organization_id: undefined,
+    role_ids: [3],
+    active: true,
+  }])
+
+  test('ticket.editabe customer user #1', function() {
+    App.Session.set(33)
+    ticket1 = App.Ticket.find(1);
+    ok(ticket1.editable(), 'access via customer_id');
+    ticket2 = App.Ticket.find(2);
+    ok(ticket2.editable(), 'access via organization_id');
+    ticket3 = App.Ticket.find(3);
+    ok(!ticket3.editable(), 'no access');
+    ticket4 = App.Ticket.find(4);
+    ok(!ticket4.editable(), 'no access');
+  });
+
+  test('ticket.editabe customer user #2', function() {
+    App.Session.set(44)
+    ticket1 = App.Ticket.find(1);
+    ok(!ticket1.editable(), 'no access');
+    ticket2 = App.Ticket.find(2);
+    ok(ticket2.editable(), 'access via customer_id');
+    ticket3 = App.Ticket.find(3);
+    ok(!ticket3.editable(), 'no access');
+    ticket4 = App.Ticket.find(4);
+    ok(!ticket4.editable(), 'no access');
+  });
+
+  test('ticket.editabe customer user #3', function() {
+    App.Session.set(55)
+    ticket1 = App.Ticket.find(1);
+    ok(!ticket1.editable(), 'no access');
+    ticket2 = App.Ticket.find(2);
+    ok(!ticket2.editable(), 'no access');
+    ticket3 = App.Ticket.find(3);
+    ok(ticket3.editable(), 'access via customer_id');
+    ticket4 = App.Ticket.find(4);
+    ok(!ticket4.editable(), 'no access');
+  });
+
+}
diff --git a/spec/system/js/q_unit_spec.rb b/spec/system/js/q_unit_spec.rb
index a76d7bd9d..7048b0308 100644
--- a/spec/system/js/q_unit_spec.rb
+++ b/spec/system/js/q_unit_spec.rb
@@ -51,6 +51,10 @@ RSpec.describe 'QUnit', type: :system, authenticated: false, set_up: true, webso
       q_unit_tests('model_ui')
     end
 
+    it 'Model Ticket' do
+      q_unit_tests('model_ticket')
+    end
+
     it 'Ticket selector' do
       q_unit_tests('ticket_selector')
     end