Thread:Project:Support desk/Restrict Namespaces Read/Write Access via LDAP Groups/reply (2)

You should set up a separate wiki for content only the IT department should be able to see; see Security issues with authorization extensions, which lists many different ways to bypass read restrictions and then notes "There are probably more 'holes' in the read protection system."