@Marc - Devoteam - Hi Marc, thanks for the quick reply. So we had a scenario where someone on our support team, who has a JSM license, created a ticket in my Admin project. While the user has a JSM license, they are not in the role that is granted the Service Desk Agent permission in my project. However, I made an internal comment about something, which I did not want them to see (nothing bad about the co-worker, just my thoughts on the situation). However, ten minutes later, they responded to my comment. I'll add a screenshot of my permission scheme.

 ----

While I was doing research, I stumbled across some Atlassian documentation that said they only needed the Browse permission to see internal comments (which the user had). 

Here's a snippet of the documentation, "By default, internal notes are visible to all internal users of your service project, so you’ll see an open lock icon (or if you’re using a screen reader, hear 'Visible to all users')."

--

What you're saying though is I should be able to give these users the Browse permission, but not the Service Desk Agent permission and they should not see internal comments.

Side note, I took away browse permission for the jira-software-users group because I wanted users to use the portal to create tickets instead of Jira Software. Unfortunately, this seems to have stopped e-mails being sent to reporters. Doh!

Thanks for the help.

Hi @Jeramy 

So your admin project is also JSM project.

So any user with a JSM license, who is able to access other JSM project is able to see internal and external comments.

This is not dependent on the Service Team role.

It is based on the license.