The default permisson for comments are "all users". It would be nice if the project administrator can specify the default group for this permission.
In our case we have a support project that contains an issue for every mail sent to the support address. We are using the Enterprise license that enables us to give the reporter the right to browse the project. In other words: the user can view it's own issues and comments. Since most of the comments are internal, and should not be viewable by the user, we have to change the group whenever we make a comment to be sure that the reporting user will not se the comment.
It would be nice if we could set the default group so that for instance all comments defaults to an internal group, but the comments that is added within a workflow transition could have another default. This would allow us to make "hidden" comments, but when resolving the issue the comment should be viewable by all so that the user will get a mail notification.
I hope this was understandable...